000release-packages:SLE-Micro-release
n/a
aaa_base
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  to also fix the typo to set JAVA_BINDIR in the csh variant
  of the alljava profile script (bsc#1221361)

- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  drop the stderr redirection for csh (bsc#1221361)
- add git-49-3f8f26123d91f70c644677a323134fc79318c818.patch
  drop sysctl.d/50-default-s390.conf (bsc#1211721)
- add aaa_base-preinstall.patch
  make sure the script does not exit with 1 if a file
  with content is found (bsc#1222547)

- add patch git-48-477bc3c05fcdabf9319e84278a1cba2c12c9ed5a.patch
  home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile

- silence the output in the case of broken symlinks (bsc#1218232)

- fix git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  to actually apply

- replace git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  by git-47-056fc66c699a8544c7692a03c905fca568f5390b.patch
  * fix the issues from bsc#1107342 and bsc#1215434 and just
    use the settings from update-alternatives to set JAVA_HOME
audit-secondary
- Fix plugin termination when using systemd service units (bsc#1215377)
  * add auditd.service-fix-plugin-termination.patch
ca-certificates
- Update to version 2+git20240416.98ae794 (bsc#1221184):
  * Use flock to serialize calls (boo#1188500)
  * Make certbundle.run container friendly
  * Create /var/lib/ca-certificates if needed
catatonit
- Update to catatonit v0.2.0.
  * Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
  - 99bb9048f.patch
chrony
- Use make quickcheck instead of make check to avoid >1h build
  times and failures due to timeouts. This was the default before
  3.2 but it changed to make tests more reliable. Here a seed is
  already set to get deterministic execution.

- Use shorter NTS-KE retry interval when network is down
  (bsc#1213551, chrony-burst_total_samples_to_go.patch,
  chrony-retry_interval_ke_start.patch).
cloud-netconfig
- Update to version 1.14
  + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)

- Add version settings to Provides/Obsoletes

- Update to version 1.12 (bsc#1221202)
  + If token access succeeds using IPv4 do not use the IPv6 endpoint
    only use the IPv6 IMDS endpoint if IPv4 access fails.

- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d
  on older distributions
- Add BuildReqires: NetworkManager to avoid owning dispatcher.d
  parent directory

- Update to version 1.11:
  + Revert address metadata lookup in GCE to local lookup (bsc#1219454)
  + Fix hang on warning log messages
  + Check whether getting IPv4 addresses from metadata failed and abort
    if true
  + Only delete policy rules if they exist
  + Skip adding/removing IPv4 ranges if metdata lookup failed
  + Improve error handling and logging in Azure
  + Set SCRIPTDIR when installing netconfig wrapper

- Update to version 1.10:
  + Drop cloud-netconfig-nm sub package and include NM dispatcher
    script in main packages (bsc#1219007)
  + Spec file cleanup

- Update to version 1.9:
  + Drop package dependency on sysconfig-netconfig
  + Improve log level handling
  + Support IPv6 IMDS endpoint in EC2 (bsc#1218069)
cloud-regionsrv-client
- Update to version 10.1.7 (bsc#1220164, bsc#1220165)
  + Fix the failover path to a new target update server. At present a new
    server is not found since credential validation fails. We targeted
    the server detected in down condition to verify the credentials instead
    of the replacement server.
containerd
- Update to containerd v1.7.17. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
  and storage than a locally-compressed tar.xz, it seems there's some weird
  issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.16>
  CVE-2023-45288 bsc#1221400

- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
  (merged upstream at
  <https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.11>
  GHSA-jq35-85cj-fj4p bsc#1224323

- Use %patch -P N instead of deprecated %patchN.

- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
coreutils
- ls: avoid triggering automounts (bsc#1221632)
  - add coreutils-ls-avoid-triggering-automounts.patch

- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
  - add coreutils-tail-fix-tailing-sysfs-files-where-PAGE_SIZE-BUFSIZ.patch
cpio
- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
  * fix-bsc1219238.patch
curl
- Security fix: [bsc#1221665, CVE-2024-2004]
  * Usage of disabled protocol
  * Add curl-CVE-2024-2004.patch

- Security fix: [bsc#1221667, CVE-2024-2398]
  * curl: HTTP/2 push headers memory-leak
  * Add curl-CVE-2024-2398.patch
docker
- Add patch to fix bsc#1220339
  * 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch

- Allow to disable apparmor support (ALP supports only SELinux)

- Vendor latest buildkit v0.11:
  Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
  vendors in the latest v0.11 buildkit branch including bugfixes for the following:
  * bsc#1219438: CVE-2024-23653
  * bsc#1219268: CVE-2024-23652
  * bsc#1219267: CVE-2024-23651
- rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- switch from %patchN to %patch -PN syntax
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
  completion warnings
transactional-update
- Version 4.1.8
  - tukit: Properly handle overlay syncing failures: If the system
    would not be rebooted and several snapshots accumulated in the
    meantime, it was possible that the previous base snapshot -
    required for /etc syncing - was deleted already. In that case
    changes in /etc might have been reset.
    [gh#openSUSE/transactional-update#116]
    [gh#kube-hetzner/terraform-hcloud-kube-hetzner#1287]
- Version 4.1.7
  - Always use zypper of installed system [bsc#1221346]
e2fsprogs
EA Inode handling fixes:
- ext2fs-avoid-re-reading-inode-multiple-times.patch: ext2fs: avoid re-reading
  inode multiple times (bsc#1223596)
- e2fsck-fix-potential-out-of-bounds-read-in-inc_ea_in.patch: e2fsck: fix
  potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck-add-more-checks-for-ea-inode-consistency.patch: e2fsck: add more
  checks for ea inode consistency (bsc#1223596)
- e2fsck-fix-golden-output-of-several-tests.patch: e2fsck: fix golden output of
  several tests (bsc#1223596)
glib2
- Add patches to fix CVE-2024-34397 (boo#1224044):
  glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
  glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
glibc
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
  addgetnetgrentX (CVE-2024-33602, bsc#1223425)

- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
  for _start routine (bsc#1221940)

- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
  nscd: Stack-based buffer overflow in netgroup cache
  (CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
  nscd: Avoid null pointer crashes after notfound response
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
  nscd: Do not send missing not-found response in addgetnetgrentX
  (CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
  netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
  CVE-2024-33602, bsc#1223425, BZ #31680)

- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

- duplocale-global-locale.patch: duplocale: protect use of global locale
  (bsc#1220441, BZ #23970)

- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
  (bsc#1218866)

- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
  EAI_MEMORY (bsc#1217589, BZ #31163)

- aarch64-rawmemchr-unwind.patch: aarch64: correct CFI in rawmemchr
  (bsc#1217445, BZ #31113)
iputils
- Update 0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
  after upstream merged the fix, update git commit hashes.

- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
  0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch

- Backport upstream fix for bsc#1224877
  4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
  0001-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
kernel-default
- net: preserve kabi for sk_buff (CVE-2024-26921 bsc#1223138).
- commit 68cb9bf

- inet: inet_defrag: prevent sk release while still in use
  (CVE-2024-26921 bsc#1223138).
- commit fb20c1d

- Update references
- commit 006ab15

- bpf: Protect against int overflow for stack access size
  (bsc#1224488 CVE-2024-35905).
- commit 1edb341

- cifs: fix underflow in parse_server_interfaces() (bsc#1223084,
  CVE-2024-26828).
- commit cade548

- smb: client: fix potential UAF in is_valid_oplock_break()
  (bsc#1224763, CVE-2024-35863).
- commit bfa9e6b

- smb: client: fix potential UAF in cifs_stats_proc_show()
  (bsc#1224664, CVE-2024-35867).
- commit 45bad5a

- smb: client: fix potential UAF in cifs_stats_proc_write()
  (bsc#1224678, CVE-2024-35868).
- commit 3ae3416

- smb: client: fix potential UAF in cifs_debug_files_proc_show()
  (bsc#1223532, CVE-2024-26928).
- commit e95e3a6

- Update
  patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
  (git-fixes CVE-2023-52736 bsc#1225486).
- Update
  patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
  (git-fixes CVE-2023-52806 bsc#1225554).
- Update
  patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
  (git-fixes CVE-2023-52833 bsc#1225595).
- Update
  patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
  (bsc#1208149 CVE-2023-52739 bsc#1225118).
- Update
  patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
  (git-fixes CVE-2023-52745 bsc#1225032).
- Update
  patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
  (git-fixes CVE-2023-52747 bsc#1224931).
- Update
  patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
  (git-fixes CVE-2023-52840 bsc#1224928).
- Update
  patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
  (git-fixes CVE-2023-52744 bsc#1225121).
- Update
  patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
  (git-fixes CVE-2023-52834 bsc#1225599).
- Update
  patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
  (git-fixes CVE-2023-52878 bsc#1225000).
- Update
  patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
  (git-fixes CVE-2023-52741 bsc#1225479).
- Update
  patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes CVE-2023-52875 bsc#1225096).
- Update
  patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes CVE-2023-52870 bsc#1224937).
- Update
  patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes CVE-2023-52873 bsc#1225589).
- Update
  patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes CVE-2023-52865 bsc#1225086).
- Update
  patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes CVE-2023-52858 bsc#1225566).
- Update
  patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
  (git-fixes CVE-2023-52876 bsc#1225036).
- Update
  patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
  (git-fixes CVE-2023-52819 bsc#1225532).
- Update
  patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
  (git-fixes CVE-2023-52818 bsc#1225530).
- Update
  patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
  (git-fixes CVE-2023-52753 bsc#1225478).
- Update
  patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
  (git-fixes CVE-2023-52817 bsc#1225569).
- Update
  patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
  (git-fixes CVE-2023-52814 bsc#1225565).
- Update
  patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
  (git-fixes CVE-2023-52738 bsc#1225005).
- Update
  patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
  (git-fixes CVE-2023-52825 bsc#1225076).
- Update
  patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
  (git-fixes CVE-2023-52816 bsc#1225529).
- Update
  patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
  (git-fixes CVE-2023-52856 bsc#1224932).
- Update
  patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
  (git-fixes CVE-2023-52821 bsc#1225022).
- Update
  patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
  (git-fixes CVE-2023-52826 bsc#1225077).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
  (git-fixes CVE-2023-52867 bsc#1225009).
- Update
  patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
  (git-fixes CVE-2023-52838 bsc#1225031).
- Update
  patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
  (git-fixes CVE-2023-52810 bsc#1225557).
- Update
  patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
  (git-fixes CVE-2023-52804 bsc#1225550).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
  (git-fixes CVE-2023-52759 bsc#1225560).
- Update
  patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
  (git-fixes CVE-2023-52853 bsc#1224988).
- Update
  patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
  (git-fixes CVE-2023-52791 bsc#1225108).
- Update
  patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
  (git-fixes CVE-2023-52763 bsc#1225570).
- Update
  patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
  (git-fixes CVE-2023-52788 bsc#1225106).
- Update
  patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
  (git-fixes CVE-2023-52743 bsc#1225003).
- Update
  patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
  (git-fixes CVE-2023-52799 bsc#1225472).
- Update
  patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
  (git-fixes CVE-2023-52805 bsc#1225553).
- Update
  patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
  (git-fixes CVE-2023-52847 bsc#1225588).
- Update
  patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
  (git-fixes CVE-2023-52764 bsc#1225571).
- Update
  patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
  (git-fixes CVE-2023-52754 bsc#1225490).
- Update
  patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
  (git-fixes CVE-2023-52841 bsc#1225592).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
  (git-fixes CVE-2023-52844 bsc#1225590).
- Update
  patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
  (git-fixes CVE-2023-52708 bsc#1225483).
- Update
  patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
  (git-fixes CVE-2023-52730 bsc#1224956).
- Update
  patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
  (git-fixes CVE-2023-52742 bsc#1225482).
- Update
  patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
  (git-fixes CVE-2023-52702 bsc#1224945).
- Update
  patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
  (git-fixes CVE-2023-52703 bsc#1225549).
- Update
  patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
  (git-fixes CVE-2023-52854 bsc#1225584).
- Update
  patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
  (git-fixes CVE-2023-52864 bsc#1225132).
- Update
  patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
  (bsc#1194869 CVE-2023-52740 bsc#1225471).
- Update
  patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
  (bsc#1065729 CVE-2023-52686 bsc#1224682).
- Update
  patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
  (bsc#1194869 CVE-2023-52690 bsc#1224611).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
  CVE-2023-52756 bsc#1225461).
- Update
  patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
  (git-fixes bsc#1217515 CVE-2023-52774 bsc#1225572).
- Update
  patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
  (git-fixes bsc#1213863 CVE-2023-52733 bsc#1225488).
- Update
  patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
  (bsc#1209799 CVE-2023-52707 bsc#1225109).
- Update
  patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
  (git-fixes CVE-2023-52871 bsc#1225534).
- Update
  patches.suse/thermal-core-prevent-potential-string-overflow.patch
  (git-fixes CVE-2023-52868 bsc#1225044).
- Update
  patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
  (git-fixes CVE-2023-52872 bsc#1225591).
- Update
  patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
  (bsc#1222619 CVE-2023-52880).
- Update
  patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
  (git-fixes CVE-2023-52789 bsc#1225180).
- Update
  patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
  (git-fixes CVE-2023-52781 bsc#1225092).
- Update
  patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
  (git-fixes CVE-2023-52855 bsc#1225583).
- Update
  patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
  (git-fixes CVE-2023-52877 bsc#1224944).
- Update
  patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
  (git-fixes CVE-2023-52798 bsc#1224947).
- Update
  patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
  (git-fixes CVE-2023-52832 bsc#1225577).
- commit c6aceca

- Update
  patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
  (git-fixes CVE-2022-48710 bsc#1225230).
- Update
  patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
  (git-fixes CVE-2022-48709 bsc#1225095).
- Update
  patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
  (git-fixes CVE-2022-48708 bsc#1224942).
- commit 41f6d79

- Update
  patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
  (git-fixes CVE-2021-47511 bsc#1225411).
- Update
  patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
  (git-fixes CVE-2021-47509 bsc#1225409).
- Update
  patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
  (git-fixes stable-5.14.10 CVE-2021-47381 bsc#1225206).
- Update
  patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
  (git-fixes CVE-2021-47502 bsc#1225369).
- Update
  patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
  (stable-5.14.10 CVE-2021-47380 bsc#1225205).
- Update
  patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
  (stable-5.14.10 CVE-2021-47404 bsc#1225303).
- Update
  patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
  (git-fixes CVE-2021-47522 bsc#1225437).
- Update
  patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
  (stable-5.14.10 CVE-2021-47405 bsc#1225238).
- Update
  patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
  (jsc#SLE-19242 CVE-2021-47523 bsc#1225438).
- Update
  patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
  (stable-5.14.16 CVE-2021-47485 bsc#1224904).
- Update
  patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
  (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
  CVE-2021-43056 CVE-2021-47465 bsc#1225341).
- Update
  patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
  (stable-5.14.10 CVE-2021-47389 bsc#1225126).
- Update
  patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
  (stable-5.14.15 CVE-2021-47450 bsc#1225258).
- Update
  patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
  (stable-5.14.10 CVE-2021-47390 bsc#1225125).
- Update
  patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
  (stable-5.14.10 CVE-2021-47407 bsc#1225306).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
  (stable-5.14.14 CVE-2021-47442 bsc#1225263).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
  (stable-5.14.14 CVE-2021-47443 bsc#1225262).
- Update
  patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
  (stable-5.14.10 CVE-2021-47391 bsc#1225318).
- Update
  patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
  (stable-5.14.10 CVE-2021-47392 bsc#1225320).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
  (stable-5.14.10 CVE-2021-47398 bsc#1225131).
- Update
  patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
  (stable-5.14.16 CVE-2021-47481 bsc#1224910).
- Update
  patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
  (stable-5.14.9 CVE-2021-47366 bsc#1225160).
- Update
  patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
  (CVE-2021-39698 bsc#1196956 CVE-2021-47505 bsc#1225400).
- Update
  patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
  (stable-5.14.15 CVE-2021-47464 bsc#1225393).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
  (stable-5.14.9 CVE-2021-47360 bsc#1225122).
- Update
  patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
  (stable-5.14.9 CVE-2021-47379 bsc#1225203).
- Update
  patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
  (stable-5.14.9 CVE-2021-47375 bsc#1225193).
- Update
  patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
  (stable-5.14.11 CVE-2021-47412 bsc#1225332).
- Update
  patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
  (stable-5.14.9 CVE-2021-47376 bsc#1225195).
- Update
  patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
  (stable-5.14.12 CVE-2021-47426 bsc#1225370).
- Update
  patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
  (stable-5.14.14 CVE-2021-47433 bsc#1225392).
- Update
  patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
  (bsc#1197915 CVE-2021-47510 bsc#1225410).
- Update
  patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
  (stable-5.14.15 CVE-2021-47457 bsc#1225235).
- Update
  patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
  (stable-5.14.15 CVE-2021-47459 bsc#1225253).
- Update
  patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
  (git-fixes CVE-2021-47520 bsc#1225431).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
  (stable-5.14.15 CVE-2021-47456 bsc#1225256).
- Update
  patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
  (git-fixes CVE-2021-47521 bsc#1225435).
- Update
  patches.suse/cfg80211-fix-management-registrations-locking.patch
  (git-fixes stable-5.14.16 CVE-2021-47494 bsc#1225450).
- Update
  patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
  (stable-5.14.16 CVE-2021-47488 bsc#1224902).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
  (stable-5.14.9 CVE-2021-47359 bsc#1225145).
- Update
  patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
  (stable-5.14.9 CVE-2021-47364 bsc#1225158).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
  (git-fixes stable-5.14.18 CVE-2021-47477 bsc#1224912).
- Update
  patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
  (git-fixes stable-5.14.18 CVE-2021-47476 bsc#1224913).
- Update
  patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
  (git-fixes stable-5.14.18 CVE-2021-47474 bsc#1224915).
- Update
  patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
  (git-fixes stable-5.14.18 CVE-2021-47475 bsc#1224914).
- Update
  patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
  (stable-5.14.10 CVE-2021-47387 bsc#1225316).
- Update
  patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
  (git-fixes CVE-2021-47514 bsc#1225425).
- Update
  patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
  (stable-5.14.14 CVE-2021-47435 bsc#1225247).
- Update
  patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
  (stable-5.14.14 CVE-2021-47498 bsc#1225357).
- Update
  patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
  (stable-5.14.9 CVE-2021-47374 bsc#1225191).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
  (git-fixes CVE-2021-47550 bsc#1225379).
- Update
  patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
  (git-fixes CVE-2021-47551 bsc#1225510).
- Update
  patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
  (stable-5.14.9 CVE-2021-47362 bsc#1225153).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
  (stable-5.14.13 CVE-2021-47431 bsc#1225390).
- Update
  patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
  (git-fixes stable-5.14.12 CVE-2021-47421 bsc#1225353).
- Update
  patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
  (git-fixes stable-5.14.12 CVE-2021-47420 bsc#1225339).
- Update
  patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
  (stable-5.14.11 CVE-2021-47410 bsc#1225331).
- Update
  patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
  (git-fixes stable-5.14.14 CVE-2021-47444 bsc#1225243).
- Update
  patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
  (git-fixes stable-5.14.14 CVE-2021-47445 bsc#1225261).
- Update
  patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
  (git-fixes stable-5.14.14 CVE-2021-47447 bsc#1225260).
- Update
  patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
  (git-fixes stable-5.14.14 CVE-2021-47446 bsc#1225240).
- Update
  patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
  (git-fixes CVE-2021-47535 bsc#1225446).
- Update
  patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
  (stable-5.14.15 CVE-2021-47471 bsc#1225187).
- Update
  patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
  (git-fixes stable-5.14.12 CVE-2021-47423 bsc#1225366).
- Update
  patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
  (git-fixes stable-5.14.12 CVE-2021-47422 bsc#1225233).
- Update
  patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
  (stable-5.14.16 CVE-2021-47490 bsc#1225436).
- Update
  patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
  (git-fixes CVE-2021-47533 bsc#1225445).
- Update
  patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
  (stable-5.14.9 CVE-2021-47368 bsc#1225161).
- Update
  patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
  (jsc#SLE-19253 CVE-2021-47556 bsc#1225383).
- Update
  patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
  (stable-5.14.10 CVE-2021-47406 bsc#1225304).
- Update
  patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
  (git-fixes stable-5.14.10 CVE-2021-47393 bsc#1225321).
- Update
  patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
  (stable-5.14.10 CVE-2021-47386 bsc#1225268).
- Update
  patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
  (stable-5.14.10 CVE-2021-47385 bsc#1225210).
- Update
  patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
  (stable-5.14.10 CVE-2021-47384 bsc#1225209).
- Update
  patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
  (git-fixes stable-5.14.12 CVE-2021-47425 bsc#1225223).
- Update
  patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
  (jsc#SLE-18378 CVE-2021-47501 bsc#1225361).
- Update
  patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
  (stable-5.14.12 CVE-2021-47424 bsc#1225367).
- Update
  patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
  (stable-5.14.15 CVE-2021-47453 bsc#1225239).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
  (jsc#SLE-18375 CVE-2021-47563 bsc#1225500).
- Update
  patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
  (stable-5.14.14 CVE-2021-47449 bsc#1225259).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
  (jsc#SLE-18375 CVE-2021-47562 bsc#1225499).
- Update
  patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
  (git-fixes CVE-2021-47499 bsc#1225358).
- Update
  patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
  (git-fixes stable-5.14.14 CVE-2021-47437 bsc#1225245).
- Update
  patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
  (git-fixes CVE-2021-47500 bsc#1225360).
- Update
  patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
  (stable-5.14.10 CVE-2021-47403 bsc#1225241).
- Update
  patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
  (stable-5.14.10 CVE-2021-47401 bsc#1225242).
- Update
  patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
  (stable-5.14.9 CVE-2021-47373 bsc#1225190).
- Update
  patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
  (stable-5.14.15 CVE-2021-47468 bsc#1225346).
- Update
  patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
  (stable-5.14.18 CVE-2021-47478 bsc#1225198).
- Update
  patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
  (git-fixes CVE-2021-47529 bsc#1225373).
- Update
  patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
  (git-fixes stable-5.14.12 CVE-2021-47415 bsc#1225335).
- Update
  patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
  (stable-5.14.10 CVE-2021-47399 bsc#1225328).
- Update
  patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
  (stable-5.14.15 CVE-2021-47467 bsc#1225344).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
  (git-fixes stable-5.14.12 CVE-2021-47417 bsc#1225227).
- Update
  patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
  (git-fixes stable-5.14.10 CVE-2021-47388 bsc#1225214).
- Update
  patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
  (git-fixes stable-5.14.10 CVE-2021-47396 bsc#1225327).
- Update
  patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
  (git-fixes stable-5.14.10 CVE-2021-47395 bsc#1225326).
- Update
  patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
  (stable-5.14.9 CVE-2021-47361 bsc#1225151).
- Update
  patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
  (git-fixes CVE-2021-47560 bsc#1225495).
- Update
  patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
  (stable-5.14.14 CVE-2021-47441 bsc#1225224).
- Update
  patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
  (stable-5.14.15 CVE-2021-47462 bsc#1225250).
- Update
  patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
  (stable-5.14.15 CVE-2021-47463 bsc#1225127).
- Update
  patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
  (stable-5.14.15 CVE-2021-47466 bsc#1225342).
- Update
  patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
  (stable-5.14.15 CVE-2021-47470 bsc#1225186).
- Update
  patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
  (stable-5.14.9 CVE-2021-47370 bsc#1225183).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
  (stable-5.14.14 CVE-2021-47448 bsc#1225129).
- Update
  patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
  (git-fixes CVE-2021-47540 bsc#1225386).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
  (git-fixes stable-5.14.16 CVE-2021-47482 bsc#1224909).
- Update
  patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
  (git-fixes CVE-2021-47513 bsc#1225380).
- Update
  patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
  (stable-5.14.14 CVE-2021-47439 bsc#1225246).
- Update
  patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
  (stable-5.14.14 CVE-2021-47440 bsc#1225248).
- Update
  patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
  (stable-5.14.10 CVE-2021-47400 bsc#1225329).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
  (stable-5.14.9 CVE-2021-47372 bsc#1225184).
- Update
  patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
  (git-fixes CVE-2021-47564 bsc#1225501).
- Update
  patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
  (stable-5.14.15 CVE-2021-47472 bsc#1225189).
- Update
  patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
  (jsc#SLE-19256 CVE-2021-47541 bsc#1225453).
- Update
  patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
  (stable-5.14.14 CVE-2021-47438 bsc#1225229).
- Update
  patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
  (git-fixes CVE-2021-47542 bsc#1225455).
- Update
  patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
  (stable-5.14.10 CVE-2021-47402 bsc#1225301).
- Update
  patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
  (stable-5.14.12 CVE-2021-47419 bsc#1225338).
- Update
  patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
  (git-fixes CVE-2021-47559 bsc#1225396).
- Update
  patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
  (git-fixes CVE-2021-47536 bsc#1225447).
- Update
  patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
  (jsc#SLE-19033 CVE-2021-47558 bsc#1225492).
- Update
  patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
  (stable-5.14.16 CVE-2021-47496 bsc#1225354).
- Update
  patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
  (stable-5.14.12 CVE-2021-47418 bsc#1225337).
- Update
  patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
  (stable-5.14.10 CVE-2021-47408 bsc#1225236).
- Update
  patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
  (stable-5.14.15 CVE-2021-47452 bsc#1225257).
- Update
  patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
  (stable-5.14.10 CVE-2021-47394 bsc#1225323).
- Update
  patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
  (stable-5.14.15 CVE-2021-47451 bsc#1225237).
- Update
  patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
  (stable-5.14.9 CVE-2021-47363 bsc#1225156).
- Update
  patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
  (stable-5.14.9 CVE-2021-47371 bsc#1225167).
- Update
  patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
  (git-fixes CVE-2021-47518 bsc#1225372).
- Update
  patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
  (git-fixes CVE-2021-47516 bsc#1225427).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
  (git-fixes CVE-2021-47507 bsc#1225405).
- Update
  patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
  (git-fixes CVE-2021-47506 bsc#1225404).
- Update
  patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
  (bsc#1190569 stable-5.14.9 CVE-2021-47378 bsc#1225201).
- Update
  patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
  (stable-5.14.14 CVE-2021-47497 bsc#1225355).
- Update
  patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
  (stable-5.14.15 CVE-2021-47460 bsc#1225251).
- Update
  patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
  (stable-5.14.16 CVE-2021-47493 bsc#1225439).
- Update
  patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
  (stable-5.14.15 CVE-2021-47458 bsc#1225252).
- Update
  patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
  (git-fixes CVE-2021-47537 bsc#1225375).
- Update
  patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
  (stable-5.14.16 CVE-2021-47484 bsc#1224905).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
  stable-5.14.12 CVE-2021-47416 bsc#1225336).
- Update
  patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
  (stable-5.14.12 CVE-2021-47429 bsc#1225388).
- Update
  patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
  (stable-5.14.12 CVE-2021-47428 bsc#1225387).
- Update
  patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
  (stable-5.14.15 CVE-2021-47454 bsc#1225255).
- Update
  patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
  (stable-5.14.15 CVE-2021-47455 bsc#1225254).
- Update
  patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
  (git-fixes stable-5.14.16 CVE-2021-47483 bsc#1224907).
- Update
  patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
  (stable-5.14.12 CVE-2021-47414 bsc#1225334).
- Update
  patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
  (stable-5.14.16 CVE-2021-47486 bsc#1224903).
- Update
  patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
  (stable-5.14.9 CVE-2021-47369 bsc#1225164).
- Update
  patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
  (stable-5.14.10 CVE-2021-47382 bsc#1225207).
- Update
  patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
  (git-fixes CVE-2021-47549 bsc#1225508).
- Update
  patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
  (git-fixes CVE-2021-47553 bsc#1225464).
- Update
  patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
  (stable-5.14.17 CVE-2021-47480 bsc#1225322).
- Update
  patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
  (stable-5.14.12 CVE-2021-47427 bsc#1225225).
- Update
  patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
  (git-fixes CVE-2021-47565 bsc#1225384).
- Update
  patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
  (git-fixes CVE-2021-47503 bsc#1225374).
- Update
  patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
  (stable-5.14.15 CVE-2021-47473 bsc#1225192).
- Update
  patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
  (stable-5.14.10 CVE-2021-47397 bsc#1225082).
- Update
  patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
  (git-fixes CVE-2021-47527 bsc#1194288).
- Update
  patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
  (git-fixes CVE-2021-47526 bsc#1225376).
- Update
  patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
  (git-fixes CVE-2021-47524 bsc#1225377).
- Update
  patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
  (git-fixes CVE-2021-47525 bsc#1225441).
- Update
  patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
  (stable-5.14.15 CVE-2021-47469 bsc#1225347).
- Update
  patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
  (stable-5.14.9 CVE-2021-47358 bsc#1224920).
- Update
  patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
  (git-fixes stable-5.14.18 CVE-2021-47479 bsc#1224911).
- Update
  patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
  (git-fixes CVE-2021-47544 bsc#1225463).
- Update
  patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
  (stable-5.14.10 CVE-2021-47383 bsc#1225208).
- Update
  patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
  (git-fixes CVE-2021-47528 bsc#1225368).
- Update
  patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
  (git-fixes stable-5.14.12 CVE-2021-47413 bsc#1225333).
- Update
  patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
  (stable-5.14.11 CVE-2021-47409 bsc#1225330).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
  (git-fixes stable-5.14.14 CVE-2021-47436 bsc#1225244).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
  (stable-5.14.16 CVE-2021-47495 bsc#1225351).
- Update
  patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
  (stable-5.14.15 CVE-2021-47461 bsc#1225249).
- Update
  patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
  (git-fixes CVE-2021-47554 bsc#1225466).
- Update
  patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
  (stable-5.14.9 CVE-2021-47367 bsc#1225123).
- Update
  patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
  (stable-5.14.12 CVE-2021-47430 bsc#1225228).
- Update
  patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
  (stable-5.14.14 CVE-2021-47434 bsc#1225232).
- commit 3a2e44b

- Update
  patches.suse/ALSA-hda-Do-not-unset-preset-when-cleaning-up-codec.patch
  (git-fixes bsc#1225486 CVE-2023-52736).
- Update
  patches.suse/ALSA-hda-Fix-possible-null-ptr-deref-when-assigning-.patch
  (git-fixes bsc#1225554 CVE-2023-52806).
- Update
  patches.suse/ALSA-pcm-oss-Fix-negative-period-buffer-sizes.patch
  (git-fixes bsc#1225411 CVE-2021-47511).
- Update
  patches.suse/ALSA-pcm-oss-Limit-the-period-size-to-16MB.patch
  (git-fixes bsc#1225409 CVE-2021-47509).
- Update
  patches.suse/ASoC-SOF-Fix-DSP-oops-stack-dump-output-contents.patch
  (git-fixes stable-5.14.10 bsc#1225206 CVE-2021-47381).
- Update
  patches.suse/ASoC-codecs-wcd934x-handle-channel-mappping-list-cor.patch
  (git-fixes bsc#1225369 CVE-2021-47502).
- Update
  patches.suse/Bluetooth-btusb-Add-date-evt_skb-is-NULL-check.patch
  (git-fixes bsc#1225595 CVE-2023-52833).
- Update
  patches.suse/Fix-page-corruption-caused-by-racy-check-in-__free_pages.patch
  (bsc#1208149 bsc#1225118 CVE-2023-52739).
- Update
  patches.suse/HID-amd_sfh-Fix-potential-NULL-pointer-dereference.patch
  (stable-5.14.10 bsc#1225205 CVE-2021-47380).
- Update
  patches.suse/HID-betop-fix-slab-out-of-bounds-Write-in-betop_prob.patch
  (stable-5.14.10 bsc#1225303 CVE-2021-47404).
- Update
  patches.suse/HID-bigbenff-prevent-null-pointer-dereference.patch
  (git-fixes bsc#1225437 CVE-2021-47522).
- Update
  patches.suse/HID-usbhid-free-raw_report-buffers-in-usbhid_stop.patch
  (stable-5.14.10 bsc#1225238 CVE-2021-47405).
- Update
  patches.suse/IB-IPoIB-Fix-legacy-IPoIB-due-to-wrong-number-of-que.patch
  (git-fixes bsc#1225032 CVE-2023-52745).
- Update
  patches.suse/IB-hfi1-Fix-leak-of-rcvhdrtail_dummy_kvaddr.patch
  (jsc#SLE-19242 bsc#1225438 CVE-2021-47523).
- Update
  patches.suse/IB-hfi1-Restore-allocated-resources-on-failed-copyou.patch
  (git-fixes bsc#1224931 CVE-2023-52747).
- Update
  patches.suse/IB-qib-Protect-from-buffer-overflow-in-struct-qib_us.patch
  (stable-5.14.16 bsc#1224904 CVE-2021-47485).
- Update
  patches.suse/Input-synaptics-rmi4-fix-use-after-free-in-rmi_unreg.patch
  (git-fixes bsc#1224928 CVE-2023-52840).
- Update
  patches.suse/KVM-PPC-Book3S-HV-Fix-stack-handling-in-idle_kvm_sta.patch
  (stable-5.14.15 bko#206669 bsc#1174585 bsc#1192107
  CVE-2021-43056 bsc#1225341 CVE-2021-47465).
- Update
  patches.suse/KVM-SVM-fix-missing-sev_decommission-in-sev_receive_.patch
  (stable-5.14.10 bsc#1225126 CVE-2021-47389).
- Update
  patches.suse/KVM-arm64-Fix-host-stage-2-PGD-refcount.patch
  (stable-5.14.15 bsc#1225258 CVE-2021-47450).
- Update
  patches.suse/KVM-x86-Fix-stack-out-of-bounds-memory-access-from-i.patch
  (stable-5.14.10 bsc#1225125 CVE-2021-47390).
- Update
  patches.suse/KVM-x86-Handle-SRCU-initialization-failure-during-pa.patch
  (stable-5.14.10 bsc#1225306 CVE-2021-47407).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_in_s.patch
  (stable-5.14.14 bsc#1225263 CVE-2021-47442).
- Update
  patches.suse/NFC-digital-fix-possible-memory-leak-in-digital_tg_l.patch
  (stable-5.14.14 bsc#1225262 CVE-2021-47443).
- Update
  patches.suse/RDMA-cma-Ensure-rdma_addr_cancel-happens-before-issu.patch
  (stable-5.14.10 bsc#1225318 CVE-2021-47391).
- Update
  patches.suse/RDMA-cma-Fix-listener-leak-in-rdma_cma_listen_on_all.patch
  (stable-5.14.10 bsc#1225320 CVE-2021-47392).
- Update patches.suse/RDMA-hfi1-Fix-kernel-pointer-leak.patch
  (stable-5.14.10 bsc#1225131 CVE-2021-47398).
- Update
  patches.suse/RDMA-irdma-Fix-potential-NULL-ptr-dereference.patch
  (git-fixes bsc#1225121 CVE-2023-52744).
- Update
  patches.suse/RDMA-mlx5-Initialize-the-ODP-xarray-when-creating-an.patch
  (stable-5.14.16 bsc#1224910 CVE-2021-47481).
- Update
  patches.suse/afs-Fix-corruption-in-reads-at-fpos-2G-4G-from-an-Op.patch
  (stable-5.14.9 bsc#1225160 CVE-2021-47366).
- Update
  patches.suse/aio-fix-use-after-free-due-to-missing-POLLFREE-handl.patch
  (CVE-2021-39698 bsc#1196956 bsc#1225400 CVE-2021-47505).
- Update
  patches.suse/atl1c-Work-around-the-DMA-RX-overflow-issue.patch
  (git-fixes bsc#1225599 CVE-2023-52834).
- Update
  patches.suse/audit-fix-possible-null-pointer-dereference-in-audit.patch
  (stable-5.14.15 bsc#1225393 CVE-2021-47464).
- Update patches.suse/binder-make-sure-fd-closes-complete.patch
  (stable-5.14.9 bsc#1225122 CVE-2021-47360).
- Update
  patches.suse/blk-cgroup-fix-UAF-by-grabbing-blkcg-lock-before-des.patch
  (stable-5.14.9 bsc#1225203 CVE-2021-47379).
- Update
  patches.suse/blktrace-Fix-uaf-in-blk_trace-access-after-removing-.patch
  (stable-5.14.9 bsc#1225193 CVE-2021-47375).
- Update
  patches.suse/block-don-t-call-rq_qos_ops-done_bio-if-the-bio-isn-.patch
  (stable-5.14.11 bsc#1225332 CVE-2021-47412).
- Update
  patches.suse/bpf-Add-oversize-check-before-call-kvcalloc.patch
  (stable-5.14.9 bsc#1225195 CVE-2021-47376).
- Update
  patches.suse/bpf-s390-Fix-potential-memory-leak-about-jit_data.patch
  (stable-5.14.12 bsc#1225370 CVE-2021-47426).
- Update
  patches.suse/btrfs-fix-abort-logic-in-btrfs_replace_file_extents.patch
  (stable-5.14.14 bsc#1225392 CVE-2021-47433).
- Update
  patches.suse/btrfs-fix-re-dirty-process-of-tree-log-nodes.patch
  (bsc#1197915 bsc#1225410 CVE-2021-47510).
- Update
  patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_p.patch
  (git-fixes bsc#1225000 CVE-2023-52878).
- Update
  patches.suse/can-isotp-isotp_sendmsg-add-result-check-for-wait_ev.patch
  (stable-5.14.15 bsc#1225235 CVE-2021-47457).
- Update
  patches.suse/can-j1939-j1939_netdev_start-fix-UAF-for-rx_kref-of-.patch
  (stable-5.14.15 bsc#1225253 CVE-2021-47459).
- Update
  patches.suse/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch
  (git-fixes bsc#1225431 CVE-2021-47520).
- Update patches.suse/can-peak_pci-peak_pci_remove-fix-UAF.patch
  (stable-5.14.15 bsc#1225256 CVE-2021-47456).
- Update
  patches.suse/can-sja1000-fix-use-after-free-in-ems_pcmcia_add_car.patch
  (git-fixes bsc#1225435 CVE-2021-47521).
- Update
  patches.suse/cfg80211-fix-management-registrations-locking.patch
  (git-fixes stable-5.14.16 bsc#1225450 CVE-2021-47494).
- Update
  patches.suse/cgroup-Fix-memory-leak-caused-by-missing-cgroup_bpf_.patch
  (stable-5.14.16 bsc#1224902 CVE-2021-47488).
- Update patches.suse/cifs-Fix-soft-lockup-during-fsstress.patch
  (stable-5.14.9 bsc#1225145 CVE-2021-47359).
- Update
  patches.suse/cifs-Fix-use-after-free-in-rdata-read_into_pages-.patch
  (git-fixes bsc#1225479 CVE-2023-52741).
- Update
  patches.suse/clk-mediatek-clk-mt2701-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes bsc#1225096 CVE-2023-52875).
- Update
  patches.suse/clk-mediatek-clk-mt6765-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes bsc#1224937 CVE-2023-52870).
- Update
  patches.suse/clk-mediatek-clk-mt6779-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes bsc#1225589 CVE-2023-52873).
- Update
  patches.suse/clk-mediatek-clk-mt6797-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes bsc#1225086 CVE-2023-52865).
- Update
  patches.suse/clk-mediatek-clk-mt7629-Add-check-for-mtk_alloc_clk_.patch
  (git-fixes bsc#1225566 CVE-2023-52858).
- Update
  patches.suse/clk-mediatek-clk-mt7629-eth-Add-check-for-mtk_alloc_.patch
  (git-fixes bsc#1225036 CVE-2023-52876).
- Update
  patches.suse/comedi-Fix-memory-leak-in-compat_insnlist.patch
  (stable-5.14.9 bsc#1225158 CVE-2021-47364).
- Update patches.suse/comedi-dt9812-fix-DMA-buffers-on-stack.patch
  (git-fixes stable-5.14.18 bsc#1224912 CVE-2021-47477).
- Update
  patches.suse/comedi-ni_usb6501-fix-NULL-deref-in-command-paths.patch
  (git-fixes stable-5.14.18 bsc#1224913 CVE-2021-47476).
- Update
  patches.suse/comedi-vmk80xx-fix-bulk-buffer-overflow.patch
  (git-fixes stable-5.14.18 bsc#1224915 CVE-2021-47474).
- Update
  patches.suse/comedi-vmk80xx-fix-transfer-buffer-overflows.patch
  (git-fixes stable-5.14.18 bsc#1224914 CVE-2021-47475).
- Update
  patches.suse/cpufreq-schedutil-Use-kobject-release-method-to-free.patch
  (stable-5.14.10 bsc#1225316 CVE-2021-47387).
- Update
  patches.suse/devlink-fix-netns-refcount-leak-in-devlink_nl_cmd_re.patch
  (git-fixes bsc#1225425 CVE-2021-47514).
- Update
  patches.suse/dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch
  (stable-5.14.14 bsc#1225247 CVE-2021-47435).
- Update
  patches.suse/dm-rq-don-t-queue-request-to-blk-mq-during-DM-suspen.patch
  (stable-5.14.14 bsc#1225357 CVE-2021-47498).
- Update
  patches.suse/dma-debug-prevent-an-error-message-from-causing-runt.patch
  (stable-5.14.9 bsc#1225191 CVE-2021-47374).
- Update
  patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-Pola.patch
  (git-fixes bsc#1225532 CVE-2023-52819).
- Update
  patches.suse/drm-amd-Fix-UBSAN-array-index-out-of-bounds-for-SMU7.patch
  (git-fixes bsc#1225530 CVE-2023-52818).
- Update patches.suse/drm-amd-amdgpu-fix-potential-memleak.patch
  (git-fixes bsc#1225379 CVE-2021-47550).
- Update
  patches.suse/drm-amd-amdkfd-Fix-kernel-panic-when-reset-failed-an.patch
  (git-fixes bsc#1225510 CVE-2021-47551).
- Update
  patches.suse/drm-amd-display-Avoid-NULL-dereference-of-timing-gen.patch
  (git-fixes bsc#1225478 CVE-2023-52753).
- Update
  patches.suse/drm-amd-pm-Update-intermediate-power-state-for-SI.patch
  (stable-5.14.9 bsc#1225153 CVE-2021-47362).
- Update
  patches.suse/drm-amdgpu-Fix-a-null-pointer-access-when-the-smc_rr.patch
  (git-fixes bsc#1225569 CVE-2023-52817).
- Update
  patches.suse/drm-amdgpu-Fix-potential-null-pointer-derefernce.patch
  (git-fixes bsc#1225565 CVE-2023-52814).
- Update
  patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
  (git-fixes bsc#1225005 CVE-2023-52738).
- Update patches.suse/drm-amdgpu-fix-gart.bo-pin_count-leak.patch
  (stable-5.14.13 bsc#1225390 CVE-2021-47431).
- Update
  patches.suse/drm-amdgpu-handle-the-case-of-pci_channel_io_frozen-.patch
  (git-fixes stable-5.14.12 bsc#1225353 CVE-2021-47421).
- Update
  patches.suse/drm-amdkfd-Fix-a-race-condition-of-vram-buffer-unref.patch
  (git-fixes bsc#1225076 CVE-2023-52825).
- Update
  patches.suse/drm-amdkfd-Fix-shift-out-of-bounds-issue.patch
  (git-fixes bsc#1225529 CVE-2023-52816).
- Update
  patches.suse/drm-amdkfd-fix-a-potential-ttm-sg-memory-leak.patch
  (git-fixes stable-5.14.12 bsc#1225339 CVE-2021-47420).
- Update
  patches.suse/drm-amdkfd-fix-svm_migrate_fini-warning.patch
  (stable-5.14.11 bsc#1225331 CVE-2021-47410).
- Update
  patches.suse/drm-bridge-lt8912b-Fix-crash-on-bridge-detach.patch
  (git-fixes bsc#1224932 CVE-2023-52856).
- Update
  patches.suse/drm-edid-In-connector_bad_edid-cap-num_of_ext-by-num.patch
  (git-fixes stable-5.14.14 bsc#1225243 CVE-2021-47444).
- Update
  patches.suse/drm-msm-Fix-null-pointer-dereference-on-pointer-edp.patch
  (git-fixes stable-5.14.14 bsc#1225261 CVE-2021-47445).
- Update
  patches.suse/drm-msm-a3xx-fix-error-handling-in-a3xx_gpu_init.patch
  (git-fixes stable-5.14.14 bsc#1225260 CVE-2021-47447).
- Update
  patches.suse/drm-msm-a4xx-fix-error-handling-in-a4xx_gpu_init.patch
  (git-fixes stable-5.14.14 bsc#1225240 CVE-2021-47446).
- Update
  patches.suse/drm-msm-a6xx-Allocate-enough-space-for-GMU-registers.patch
  (git-fixes bsc#1225446 CVE-2021-47535).
- Update
  patches.suse/drm-mxsfb-Fix-NULL-pointer-dereference-crash-on-unlo.patch
  (stable-5.14.15 bsc#1225187 CVE-2021-47471).
- Update
  patches.suse/drm-nouveau-debugfs-fix-file-release-memory-leak.patch
  (git-fixes stable-5.14.12 bsc#1225366 CVE-2021-47423).
- Update
  patches.suse/drm-nouveau-kms-nv50-fix-file-release-memory-leak.patch
  (git-fixes stable-5.14.12 bsc#1225233 CVE-2021-47422).
- Update
  patches.suse/drm-panel-fix-a-possible-null-pointer-dereference.patch
  (git-fixes bsc#1225022 CVE-2023-52821).
- Update
  patches.suse/drm-panel-panel-tpo-tpg110-fix-a-possible-null-point.patch
  (git-fixes bsc#1225077 CVE-2023-52826).
- Update
  patches.suse/drm-radeon-fix-a-possible-null-pointer-dereference.patch
  (git-fixes bsc#1225230 CVE-2022-48710).
- Update patches.suse/drm-radeon-possible-buffer-overflow.patch
  (git-fixes bsc#1225009 CVE-2023-52867).
- Update
  patches.suse/drm-ttm-fix-memleak-in-ttm_transfered_destroy.patch
  (stable-5.14.16 bsc#1225436 CVE-2021-47490).
- Update
  patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
  (git-fixes CVE-2021-47534).
- Update
  patches.suse/drm-vc4-kms-Clear-the-HVS-FIFO-commit-pointer-once-d.patch
  (git-fixes bsc#1225445 CVE-2021-47533).
- Update
  patches.suse/enetc-Fix-illegal-access-when-reading-affinity_hint.patch
  (stable-5.14.9 bsc#1225161 CVE-2021-47368).
- Update
  patches.suse/ethtool-ioctl-fix-potential-NULL-deref-in-ethtool_se.patch
  (jsc#SLE-19253 bsc#1225383 CVE-2021-47556).
- Update
  patches.suse/ext4-add-error-checking-to-ext4_ext_replay_set_ibloc.patch
  (stable-5.14.10 bsc#1225304 CVE-2021-47406).
- Update
  patches.suse/fbdev-imsttfb-fix-a-resource-leak-in-probe.patch
  (git-fixes bsc#1225031 CVE-2023-52838).
- Update
  patches.suse/fs-jfs-Add-check-for-negative-db_l2nbperpage.patch
  (git-fixes bsc#1225557 CVE-2023-52810).
- Update
  patches.suse/fs-jfs-Add-validity-check-for-db_maxag-and-db_agpref.patch
  (git-fixes bsc#1225550 CVE-2023-52804).
- Update patches.suse/gfs2-ignore-negated-quota-changes.patch
  (git-fixes bsc#1225560 CVE-2023-52759).
- Update
  patches.suse/hid-cp2112-Fix-duplicate-workqueue-initialization.patch
  (git-fixes bsc#1224988 CVE-2023-52853).
- Update
  patches.suse/hwmon-mlxreg-fan-Return-non-zero-value-when-fan-curr.patch
  (git-fixes stable-5.14.10 bsc#1225321 CVE-2021-47393).
- Update
  patches.suse/hwmon-w83791d-Fix-NULL-pointer-dereference-by-removi.patch
  (stable-5.14.10 bsc#1225268 CVE-2021-47386).
- Update
  patches.suse/hwmon-w83792d-Fix-NULL-pointer-dereference-by-removi.patch
  (stable-5.14.10 bsc#1225210 CVE-2021-47385).
- Update
  patches.suse/hwmon-w83793-Fix-NULL-pointer-dereference-by-removin.patch
  (stable-5.14.10 bsc#1225209 CVE-2021-47384).
- Update
  patches.suse/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch
  (git-fixes stable-5.14.12 bsc#1225223 CVE-2021-47425).
- Update
  patches.suse/i2c-core-Run-atomic-i2c-xfer-when-preemptible.patch
  (git-fixes bsc#1225108 CVE-2023-52791).
- Update
  patches.suse/i3c-master-mipi-i3c-hci-Fix-a-kernel-panic-for-acces.patch
  (git-fixes bsc#1225570 CVE-2023-52763).
- Update
  patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
  (git-fixes CVE-2023-52766).
- Update
  patches.suse/i40e-Fix-NULL-pointer-dereference-in-i40e_dbg_dump_d.patch
  (jsc#SLE-18378 bsc#1225361 CVE-2021-47501).
- Update
  patches.suse/i40e-Fix-freeing-of-uninitialized-misc-IRQ-vector.patch
  (stable-5.14.12 bsc#1225367 CVE-2021-47424).
- Update
  patches.suse/i915-perf-Fix-NULL-deref-bugs-with-drm_dbg-calls.patch
  (git-fixes bsc#1225106 CVE-2023-52788).
- Update
  patches.suse/ice-Avoid-crash-from-unnecessary-IDA-free.patch
  (stable-5.14.15 bsc#1225239 CVE-2021-47453).
- Update
  patches.suse/ice-Do-not-use-WQ_MEM_RECLAIM-flag-for-workqueue.patch
  (git-fixes bsc#1225003 CVE-2023-52743).
- Update patches.suse/ice-avoid-bpf_prog-refcount-underflow.patch
  (jsc#SLE-18375 bsc#1225500 CVE-2021-47563).
- Update
  patches.suse/ice-fix-locking-for-Tx-timestamp-tracking-flush.patch
  (stable-5.14.14 bsc#1225259 CVE-2021-47449).
- Update patches.suse/ice-fix-vsi-txq_map-sizing.patch
  (jsc#SLE-18375 bsc#1225499 CVE-2021-47562).
- Update
  patches.suse/ice-switch-fix-potential-memleak-in-ice_add_adv_reci.patch
  (git-fixes bsc#1225095 CVE-2022-48709).
- Update
  patches.suse/iio-accel-kxcjk-1013-Fix-possible-memory-leak-in-pro.patch
  (git-fixes bsc#1225358 CVE-2021-47499).
- Update
  patches.suse/iio-adis16475-fix-deadlock-on-frequency-set.patch
  (git-fixes stable-5.14.14 bsc#1225245 CVE-2021-47437).
- Update
  patches.suse/iio-mma8452-Fix-trigger-reference-couting.patch
  (git-fixes bsc#1225360 CVE-2021-47500).
- Update
  patches.suse/ipack-ipoctal-fix-module-reference-leak.patch
  (stable-5.14.10 bsc#1225241 CVE-2021-47403).
- Update
  patches.suse/ipack-ipoctal-fix-stack-information-leak.patch
  (stable-5.14.10 bsc#1225242 CVE-2021-47401).
- Update
  patches.suse/irqchip-gic-v3-its-Fix-potential-VPE-leak-on-error.patch
  (stable-5.14.9 bsc#1225190 CVE-2021-47373).
- Update
  patches.suse/isdn-mISDN-Fix-sleeping-function-called-from-invalid.patch
  (stable-5.14.15 bsc#1225346 CVE-2021-47468).
- Update
  patches.suse/isofs-Fix-out-of-bound-access-for-corrupted-isofs-im.patch
  (stable-5.14.18 bsc#1225198 CVE-2021-47478).
- Update
  patches.suse/iwlwifi-Fix-memory-leaks-in-error-handling-path.patch
  (git-fixes bsc#1225373 CVE-2021-47529).
- Update
  patches.suse/iwlwifi-mvm-Fix-possible-NULL-dereference.patch
  (git-fixes stable-5.14.12 bsc#1225335 CVE-2021-47415).
- Update
  patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch
  (stable-5.14.10 bsc#1225328 CVE-2021-47399).
- Update
  patches.suse/jfs-fix-array-index-out-of-bounds-in-dbFindLeaf.patch
  (git-fixes bsc#1225472 CVE-2023-52799).
- Update
  patches.suse/jfs-fix-array-index-out-of-bounds-in-diAlloc.patch
  (git-fixes bsc#1225553 CVE-2023-52805).
- Update
  patches.suse/kunit-fix-reference-count-leak-in-kfree_at_end.patch
  (stable-5.14.15 bsc#1225344 CVE-2021-47467).
- Update patches.suse/libbpf-Fix-memory-leak-in-strset.patch
  (git-fixes stable-5.14.12 bsc#1225227 CVE-2021-47417).
- Update
  patches.suse/mac80211-fix-use-after-free-in-CCMP-GCMP-RX.patch
  (git-fixes stable-5.14.10 bsc#1225214 CVE-2021-47388).
- Update
  patches.suse/mac80211-hwsim-fix-late-beacon-hrtimer-handling.patch
  (git-fixes stable-5.14.10 bsc#1225327 CVE-2021-47396).
- Update
  patches.suse/mac80211-limit-injected-vht-mcs-nss-in-ieee80211_par.patch
  (git-fixes stable-5.14.10 bsc#1225326 CVE-2021-47395).
- Update
  patches.suse/mcb-fix-error-handling-in-mcb_alloc_bus.patch
  (stable-5.14.9 bsc#1225151 CVE-2021-47361).
- Update
  patches.suse/media-bttv-fix-use-after-free-error-due-to-btv-timeo.patch
  (git-fixes bsc#1225588 CVE-2023-52847).
- Update
  patches.suse/media-gspca-cpia1-shift-out-of-bounds-in-set_flicker.patch
  (git-fixes bsc#1225571 CVE-2023-52764).
- Update
  patches.suse/media-imon-fix-access-to-invalid-resource-for-the-se.patch
  (git-fixes bsc#1225490 CVE-2023-52754).
- Update
  patches.suse/media-vidtv-mux-Add-check-and-kfree-for-kstrdup.patch
  (git-fixes bsc#1225592 CVE-2023-52841).
- Update patches.suse/media-vidtv-psi-Add-check-for-kstrdup.patch
  (git-fixes bsc#1225590 CVE-2023-52844).
- Update
  patches.suse/mlxsw-spectrum-Protect-driver-from-buggy-firmware.patch
  (git-fixes bsc#1225495 CVE-2021-47560).
- Update
  patches.suse/mlxsw-thermal-Fix-out-of-bounds-memory-accesses.patch
  (stable-5.14.14 bsc#1225224 CVE-2021-47441).
- Update
  patches.suse/mm-mempolicy-do-not-allow-illegal-MPOL_F_NUMA_BALANC.patch
  (stable-5.14.15 bsc#1225250 CVE-2021-47462).
- Update
  patches.suse/mm-secretmem-fix-NULL-page-mapping-dereference-in-pa.patch
  (stable-5.14.15 bsc#1225127 CVE-2021-47463).
- Update
  patches.suse/mm-slub-fix-potential-memoryleak-in-kmem_cache_open.patch
  (stable-5.14.15 bsc#1225342 CVE-2021-47466).
- Update
  patches.suse/mm-slub-fix-potential-use-after-free-in-slab_debugfs.patch
  (stable-5.14.15 bsc#1225186 CVE-2021-47470).
- Update
  patches.suse/mmc-mmc_spi-fix-error-handling-in-mmc_spi_probe.patch
  (git-fixes bsc#1225483 CVE-2023-52708).
- Update
  patches.suse/mmc-sdio-fix-possible-resource-leaks-in-some-error-p.patch
  (git-fixes bsc#1224956 CVE-2023-52730).
- Update
  patches.suse/mptcp-ensure-tx-skbs-always-have-the-MPTCP-ext.patch
  (stable-5.14.9 bsc#1225183 CVE-2021-47370).
- Update patches.suse/mptcp-fix-possible-stall-on-recvmsg.patch
  (stable-5.14.14 bsc#1225129 CVE-2021-47448).
- Update
  patches.suse/mt76-mt7915-fix-NULL-pointer-dereference-in-mt7915_g.patch
  (git-fixes bsc#1225386 CVE-2021-47540).
- Update
  patches.suse/net-USB-Fix-wrong-direction-WARNING-in-plusb.c.patch
  (git-fixes bsc#1225482 CVE-2023-52742).
- Update patches.suse/net-batman-adv-fix-error-handling.patch
  (git-fixes stable-5.14.16 bsc#1224909 CVE-2021-47482).
- Update
  patches.suse/net-dsa-felix-Fix-memory-leak-in-felix_setup_mmio_fi.patch
  (git-fixes bsc#1225380 CVE-2021-47513).
- Update
  patches.suse/net-dsa-microchip-Added-the-condition-for-scheduling.patch
  (stable-5.14.14 bsc#1225246 CVE-2021-47439).
- Update
  patches.suse/net-encx24j600-check-error-in-devm_regmap_init_encx2.patch
  (stable-5.14.14 bsc#1225248 CVE-2021-47440).
- Update
  patches.suse/net-hns3-do-not-allow-call-hns3_nic_net_open-repeate.patch
  (stable-5.14.10 bsc#1225329 CVE-2021-47400).
- Update patches.suse/net-macb-fix-use-after-free-on-rmmod.patch
  (stable-5.14.9 bsc#1225184 CVE-2021-47372).
- Update
  patches.suse/net-marvell-prestera-fix-double-free-issue-on-err-pa.patch
  (git-fixes bsc#1225501 CVE-2021-47564).
- Update
  patches.suse/net-mdiobus-Fix-memory-leak-in-__mdiobus_register.patch
  (stable-5.14.15 bsc#1225189 CVE-2021-47472).
- Update
  patches.suse/net-mlx4_en-Fix-an-use-after-free-bug-in-mlx4_en_try.patch
  (jsc#SLE-19256 bsc#1225453 CVE-2021-47541).
- Update
  patches.suse/net-mlx5e-Fix-memory-leak-in-mlx5_core_destroy_cq-er.patch
  (stable-5.14.14 bsc#1225229 CVE-2021-47438).
- Update
  patches.suse/net-openvswitch-fix-possible-memory-leak-in-ovs_mete.patch
  (git-fixes bsc#1224945 CVE-2023-52702).
- Update
  patches.suse/net-qlogic-qlcnic-Fix-a-NULL-pointer-dereference-in-.patch
  (git-fixes bsc#1225455 CVE-2021-47542).
- Update
  patches.suse/net-sched-flower-protect-fl_walk-with-rcu.patch
  (stable-5.14.10 bsc#1225302 CVE-2021-47402).
- Update
  patches.suse/net-sched-sch_taprio-properly-cancel-timer-from-tapr.patch
  (stable-5.14.12 bsc#1225338 CVE-2021-47419).
- Update
  patches.suse/net-smc-Fix-NULL-pointer-dereferencing-in-smc_vlan_by_tcpsk
  (git-fixes bsc#1225396 CVE-2021-47559).
- Update
  patches.suse/net-smc-fix-wrong-list_del-in-smc_lgr_cleanup_early
  (git-fixes bsc#1225447 CVE-2021-47536).
- Update
  patches.suse/net-stmmac-Disable-Tx-queues-when-reconfiguring-the-.patch
  (jsc#SLE-19033 bsc#1225492 CVE-2021-47558).
- Update
  patches.suse/net-tls-Fix-flipped-sign-in-tls_err_abort-calls.patch
  (stable-5.14.16 bsc#1225354 CVE-2021-47496).
- Update
  patches.suse/net-usb-kalmia-Don-t-pass-act_len-in-usb_bulk_msg-er.patch
  (git-fixes bsc#1225549 CVE-2023-52703).
- Update
  patches.suse/net_sched-fix-NULL-deref-in-fifo_set_limit.patch
  (stable-5.14.12 bsc#1225337 CVE-2021-47418).
- Update
  patches.suse/netfilter-conntrack-serialize-hash-resizes-and-clean.patch
  (stable-5.14.10 bsc#1225236 CVE-2021-47408).
- Update
  patches.suse/netfilter-nf_tables-skip-netdev-events-generated-on-.patch
  (stable-5.14.15 bsc#1225257 CVE-2021-47452).
- Update
  patches.suse/netfilter-nf_tables-unlink-table-before-deleting-it.patch
  (stable-5.14.10 bsc#1225323 CVE-2021-47394).
- Update
  patches.suse/netfilter-xt_IDLETIMER-fix-panic-that-occurs-when-ti.patch
  (stable-5.14.15 bsc#1225237 CVE-2021-47451).
- Update
  patches.suse/nexthop-Fix-division-by-zero-while-replacing-a-resil.patch
  (stable-5.14.9 bsc#1225156 CVE-2021-47363).
- Update
  patches.suse/nexthop-Fix-memory-leaks-in-nexthop-notification-cha.patch
  (stable-5.14.9 bsc#1225167 CVE-2021-47371).
- Update
  patches.suse/nfc-fix-potential-NULL-pointer-deref-in-nfc_genl_dum.patch
  (git-fixes bsc#1225372 CVE-2021-47518).
- Update
  patches.suse/nfp-Fix-memory-leak-in-nfp_cpp_area_cache_add.patch
  (git-fixes bsc#1225427 CVE-2021-47516).
- Update patches.suse/nfsd-Fix-nsfd-startup-race-again.patch
  (git-fixes bsc#1225405 CVE-2021-47507).
- Update
  patches.suse/nfsd-fix-use-after-free-due-to-delegation-race.patch
  (git-fixes bsc#1225404 CVE-2021-47506).
- Update
  patches.suse/nvme-rdma-destroy-cm-id-before-destroy-qp-to-avoid-u.patch
  (bsc#1190569 stable-5.14.9 bsc#1225201 CVE-2021-47378).
- Update
  patches.suse/nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-ce.patch
  (stable-5.14.14 bsc#1225355 CVE-2021-47497).
- Update
  patches.suse/ocfs2-fix-data-corruption-after-conversion-from-inli.patch
  (stable-5.14.15 bsc#1225251 CVE-2021-47460).
- Update
  patches.suse/ocfs2-fix-race-between-searching-chunks-and-release-.patch
  (stable-5.14.16 bsc#1225439 CVE-2021-47493).
- Update
  patches.suse/ocfs2-mount-fails-with-buffer-overflow-in-strlen.patch
  (stable-5.14.15 bsc#1225252 CVE-2021-47458).
- Update
  patches.suse/octeontx2-af-Fix-a-memleak-bug-in-rvu_mbox_init.patch
  (git-fixes bsc#1225375 CVE-2021-47537).
- Update
  patches.suse/octeontx2-af-Fix-possible-null-pointer-dereference.patch
  (stable-5.14.16 bsc#1224905 CVE-2021-47484).
- Update
  patches.suse/padata-Fix-refcnt-handling-in-padata_free_shell.patch
  (git-fixes bsc#1225584 CVE-2023-52854).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
  stable-5.14.12 bsc#1225336 CVE-2021-47416).
- Update
  patches.suse/pinctrl-single-fix-potential-NULL-dereference.patch
  (git-fixes bsc#1224942 CVE-2022-48708).
- Update
  patches.suse/platform-x86-wmi-Fix-opening-of-char-device.patch
  (git-fixes bsc#1225132 CVE-2023-52864).
- Update
  patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
  (stable-5.14.12 bsc#1225388 CVE-2021-47429).
- Update
  patches.suse/powerpc-64s-fix-program-check-interrupt-emergency-st.patch
  (stable-5.14.12 bsc#1225387 CVE-2021-47428).
- Update
  patches.suse/powerpc-64s-interrupt-Fix-interrupt-exit-race-with-s.patch
  (bsc#1194869 bsc#1225471 CVE-2023-52740).
- Update
  patches.suse/powerpc-smp-do-not-decrement-idle-task-preempt-count.patch
  (stable-5.14.15 bsc#1225255 CVE-2021-47454).
- Update
  patches.suse/ptp-Fix-possible-memory-leak-in-ptp_clock_register.patch
  (stable-5.14.15 bsc#1225254 CVE-2021-47455).
- Update patches.suse/pwm-Fix-double-shift-bug.patch (git-fixes
  bsc#1225461 CVE-2023-52756).
- Update
  patches.suse/regmap-Fix-possible-double-free-in-regcache_rbtree_e.patch
  (git-fixes stable-5.14.16 bsc#1224907 CVE-2021-47483).
- Update
  patches.suse/riscv-Flush-current-cpu-icache-before-other-cpus.patch
  (stable-5.14.12 bsc#1225334 CVE-2021-47414).
- Update
  patches.suse/riscv-bpf-Fix-potential-NULL-dereference.patch
  (stable-5.14.16 bsc#1224903 CVE-2021-47486).
- Update
  patches.suse/s390-dasd-protect-device-queue-against-concurrent-access.patch
  (git-fixes bsc#1217515 bsc#1225572 CVE-2023-52774).
- Update
  patches.suse/s390-decompressor-specify-__decompress-buf-len-to-avoid-overflow.patch
  (git-fixes bsc#1213863 bsc#1225488 CVE-2023-52733).
- Update
  patches.suse/s390-qeth-fix-NULL-deref-in-qeth_clear_working_pool_.patch
  (stable-5.14.9 bsc#1225164 CVE-2021-47369).
- Update
  patches.suse/s390-qeth-fix-deadlock-during-failing-recovery.patch
  (stable-5.14.10 bsc#1225207 CVE-2021-47382).
- Update
  patches.suse/sata_fsl-fix-UAF-in-sata_fsl_port_stop-when-rmmod-sa.patch
  (git-fixes bsc#1225508 CVE-2021-47549).
- Update
  patches.suse/sched-psi-Fix-use-after-free-in-ep_remove_wait_queue.patch
  (bsc#1209799 bsc#1225109 CVE-2023-52707).
- Update
  patches.suse/sched-scs-Reset-task-stack-state-in-bringup_cpu.patch
  (git-fixes bsc#1225464 CVE-2021-47553).
- Update
  patches.suse/scsi-core-Put-LLD-module-refcnt-after-SCSI-device-is.patch
  (stable-5.14.17 bsc#1225322 CVE-2021-47480).
- Update
  patches.suse/scsi-ibmvfc-Remove-BUG_ON-in-the-case-of-an-empty-ev.patch
  (bsc#1209834 ltc#202097 bsc#1225559 CVE-2023-52811).
- Update
  patches.suse/scsi-iscsi-Fix-iscsi_task-use-after-free.patch
  (stable-5.14.12 bsc#1225225 CVE-2021-47427).
- Update
  patches.suse/scsi-mpt3sas-Fix-kernel-panic-during-drive-powercycle-test
  (git-fixes bsc#1225384 CVE-2021-47565).
- Update
  patches.suse/scsi-pm80xx-Do-not-call-scsi_remove_host-in-pm8001_alloc
  (git-fixes bsc#1225374 CVE-2021-47503).
- Update
  patches.suse/scsi-qla2xxx-Fix-a-memory-leak-in-an-error-path-of-q.patch
  (stable-5.14.15 bsc#1225192 CVE-2021-47473).
- Update
  patches.suse/sctp-break-out-if-skb_header_pointer-returns-NULL-in.patch
  (stable-5.14.10 bsc#1225082 CVE-2021-47397).
- Update
  patches.suse/serial-core-fix-transmit-buffer-reset-and-memleak.patch
  (git-fixes bsc#1194288 CVE-2021-47527).
- Update
  patches.suse/serial-liteuart-Fix-NULL-pointer-dereference-in-remo.patch
  (git-fixes bsc#1225376 CVE-2021-47526).
- Update
  patches.suse/serial-liteuart-fix-minor-number-leak-on-probe-error.patch
  (git-fixes bsc#1225377 CVE-2021-47524).
- Update
  patches.suse/serial-liteuart-fix-use-after-free-and-memleak-on-un.patch
  (git-fixes bsc#1225441 CVE-2021-47525).
- Update
  patches.suse/soc-qcom-llcc-Handle-a-second-device-without-data-co.patch
  (git-fixes bsc#1225534 CVE-2023-52871).
- Update
  patches.suse/spi-Fix-deadlock-when-adding-SPI-controllers-on-SPI-.patch
  (stable-5.14.15 bsc#1225347 CVE-2021-47469).
- Update
  patches.suse/staging-greybus-uart-fix-tty-use-after-free.patch
  (stable-5.14.9 bsc#1224920 CVE-2021-47358).
- Update
  patches.suse/staging-rtl8712-fix-use-after-free-in-rtl8712_dl_fw.patch
  (git-fixes stable-5.14.18 bsc#1224911 CVE-2021-47479).
- Update
  patches.suse/tcp-fix-page-frag-corruption-on-page-fault.patch
  (git-fixes bsc#1225463 CVE-2021-47544).
- Update
  patches.suse/thermal-core-prevent-potential-string-overflow.patch
  (git-fixes bsc#1225044 CVE-2023-52868).
- Update
  patches.suse/tty-Fix-out-of-bound-vmalloc-access-in-imageblit.patch
  (stable-5.14.10 bsc#1225208 CVE-2021-47383).
- Update
  patches.suse/tty-n_gsm-fix-race-condition-in-status-line-change-o.patch
  (git-fixes bsc#1225591 CVE-2023-52872).
- Update
  patches.suse/tty-n_gsm-require-CAP_NET_ADMIN-to-attach-N_GSM0710-.patch
  (bsc#1222619 CVE-2023-52880).
- Update
  patches.suse/tty-vcc-Add-check-for-kstrdup-in-vcc_probe.patch
  (git-fixes bsc#1225180 CVE-2023-52789).
- Update
  patches.suse/usb-cdnsp-Fix-a-NULL-pointer-dereference-in-cdnsp_en.patch
  (git-fixes bsc#1225368 CVE-2021-47528).
- Update
  patches.suse/usb-chipidea-ci_hdrc_imx-Also-search-for-phys-phandl.patch
  (git-fixes stable-5.14.12 bsc#1225333 CVE-2021-47413).
- Update
  patches.suse/usb-config-fix-iteration-issue-in-usb_get_bos_descri.patch
  (git-fixes bsc#1225092 CVE-2023-52781).
- Update
  patches.suse/usb-dwc2-check-return-value-after-calling-platform_g.patch
  (stable-5.14.11 bsc#1225330 CVE-2021-47409).
- Update
  patches.suse/usb-dwc2-fix-possible-NULL-pointer-dereference-cause.patch
  (git-fixes bsc#1225583 CVE-2023-52855).
- Update patches.suse/usb-musb-dsps-Fix-the-probe-error-path.patch
  (git-fixes stable-5.14.14 bsc#1225244 CVE-2021-47436).
- Update
  patches.suse/usb-typec-tcpm-Fix-NULL-pointer-dereference-in-tcpm_.patch
  (git-fixes bsc#1224944 CVE-2023-52877).
- Update patches.suse/usbnet-sanity-check-for-maxpacket.patch
  (stable-5.14.16 bsc#1225351 CVE-2021-47495).
- Update
  patches.suse/userfaultfd-fix-a-race-between-writeprotect-and-exit.patch
  (stable-5.14.15 bsc#1225249 CVE-2021-47461).
- Update
  patches.suse/vdpa_sim-avoid-putting-an-uninitialized-iova_domain.patch
  (git-fixes bsc#1225466 CVE-2021-47554).
- Update
  patches.suse/virtio-net-fix-pages-leaking-when-building-skb-in-bi.patch
  (stable-5.14.9 bsc#1225123 CVE-2021-47367).
- Update
  patches.suse/wifi-ath11k-fix-dfs-radar-event-locking.patch
  (git-fixes bsc#1224947 CVE-2023-52798).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
  (git-fixes CVE-2023-52800).
- Update
  patches.suse/wifi-mac80211-don-t-return-unset-power-in-ieee80211_.patch
  (git-fixes bsc#1225577 CVE-2023-52832).
- Update
  patches.suse/x86-entry-Clear-X86_FEATURE_SMAP-when-CONFIG_X86_SMA.patch
  (stable-5.14.12 bsc#1225228 CVE-2021-47430).
- Update
  patches.suse/xhci-Fix-command-ring-pointer-corruption-while-abort.patch
  (stable-5.14.14 bsc#1225232 CVE-2021-47434).
- commit c477ba3

- powerpc/pseries/iommu: LPAR panics during boot up with a frozen
  PE (bsc#1222011 ltc#205900 CVE-2024-36926).
- commit db3b1aa

- netfilter: nf_tables: release mutex after nft_gc_seq_end from
  abort path (CVE-2024-26925 bsc#1223390).
- commit d38b98f

- idpf: extend tx watchdog timeout (bsc#1224137).
- commit 64976b7

- efi/capsule-loader: fix incorrect allocation size (bsc#1224438
  CVE-2024-27413).
- commit bcbd0b7

- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (CVE-2024-35817 bsc#1224736).
- commit 3fd949a

- selinux: avoid dereference of garbage after mount failure
  (bsc#1224494 CVE-2024-35904).
- commit dad5bc3

- af_unix: annote lockless accesses to unix_tot_inflight &
  gc_in_progress (bsc#1223384).
- Refresh
  patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch.
- commit 478234c

- Update
  patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch
  (bsc#1209657 CVE-2023-0160 CVE-2024-35895 bsc#1224511).
- Update
  patches.suse/fs-aio-Check-IOCB_AIO_RW-before-the-struct-aio_kiocb.patch
  (bsc#1222721 CVE-2024-26764 CVE-2024-35815 bsc#1224685).
- Update
  patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch
  (bsc#1221044 CVE-2023-52591 CVE-2024-35914 bsc#1224482).
- Update
  patches.suse/wifi-brcmfmac-Fix-use-after-free-bug-in-brcmf_cfg802.patch
  (CVE-2023-47233 bsc#1216702 CVE-2024-35811 bsc#1224592).
- commit 78f49e4

- Update
  patches.suse/bpf-Guard-stack-limits-against-32bit-overflow.patch
  (git-fixes CVE-2023-52676 bsc#1224730).
- commit bdae745

- Update patches.suse/afs-Fix-page-leak.patch (stable-5.14.9
  CVE-2021-47365 bsc#1224895).
- Update
  patches.suse/drm-amdgpu-Fix-even-more-out-of-bound-writes-from-de.patch
  (bsc#1191949 CVE-2021-42327 stable-5.14.16 CVE-2021-47489
  bsc#1224901).
- Update
  patches.suse/mm-khugepaged-skip-huge-page-collapse-for-special-fi.patch
  (stable-5.14.16 bsc#1193983 CVE-2021-4148 CVE-2021-47491
  bsc#1224900).
- Update
  patches.suse/mm-thp-bail-out-early-in-collapse_file-for-writeback.patch
  (stable-5.14.16 CVE-2021-47492 bsc#1224898).
- commit 9ce4e35

- Update
  patches.suse/drm-nouveau-avoid-a-use-after-free-when-BO-init-fail.patch
  (git-fixes stable-5.14.12 CVE-2020-36788 bsc#1224816).
- commit 92d2a7f

- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-in-opal_eve.patch
  (bsc#1065729 CVE-2023-52686).
- Update patches.suse/powerpc-powernv-Add-a-null-pointer-check-to-scom_deb.patch
  (bsc#1194869 CVE-2023-52690).
- commit 2a79a5d

- filemap: remove use of wait bookmarks (bsc#1224085).
- commit 36d572b

- scsi: qla2xxx: Fix double free of fcport (bsc#1223715
  CVE-2024-26929).
- commit b3136a1

- powerpc/pseries/vio: Don't return ENODEV if node or compatible
  missing (bsc#1220783).
- commit 1f4ad41

- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
  (bsc#1224174 CVE-2024-27398).
- commit d55ff83

- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- commit 2a3dbea

- scsi: qla2xxx: Fix double free of the ha->vp_map pointer
  (bsc#1223626 CVE-2024-26930).
- commit dba3cc6

- Update
  patches.suse/io_uring-af_unix-disable-sending-io_uring-over-socke.patch
  (bsc#1218447 CVE-2023-6531 CVE-2023-52654 bsc#1224099).
- commit 659f245

- Update
  patches.suse/usb-aqc111-check-packet-for-fixup-for-true-limit.patch
  (bsc#1217169 CVE-2023-52655).
  Added bugzilla ID and CVE
- commit a741c33

- supported.conf: support tcp_dctcp module (jsc#PED-8111)
- commit cca73b5

- Update
  patches.suse/sched-debug-fix-dentry-leak-in-update_sched_domain_d.patch
  (git-fixes CVE-2022-48699 bsc#1223996).
- commit 201a58f

- cachefiles: fix memory leak in cachefiles_add_cache()
  (bsc#1222976 CVE-2024-26840).
- commit 6543e12

- Update
  patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
  references (CVE-2024-26739 bsc#1222559, drop incorrect references).
- commit 892e634

- Update
  patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
  (git-fixes CVE-2022-48702 bsc#1223923).
- Update
  patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
  (git-fixes CVE-2022-48701 bsc#1223921).
- Update
  patches.suse/RDMA-irdma-Fix-drain-SQ-hang-with-no-completion.patch
  (jsc#SLE-18383 CVE-2022-48694 bsc#1223964).
- Update
  patches.suse/RDMA-srp-Set-scmnd-result-only-when-scmnd-is-not-NUL.patch
  (git-fixes CVE-2022-48692 bsc#1223962).
- Update
  patches.suse/cgroup-Add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
  (bsc#1196869 CVE-2022-48671 bsc#1223929).
- Update
  patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
  (git-fixes CVE-2022-48704 bsc#1223932).
- Update
  patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch
  (jsc#SLE-18378 CVE-2022-48688 bsc#1223953).
- Update
  patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
  (bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- Update
  patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear
  (git-fixes CVE-2022-48673 bsc#1223934).
- Update
  patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
  (bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- Update patches.suse/nvmet-fix-a-use-after-free.patch (git-fixes
  CVE-2022-48697 bsc#1223922).
- Update
  patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
  (git-fixes CVE-2022-48672 bsc#1223931).
- Update
  patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
  (git-fixes CVE-2022-48695 bsc#1223941).
- Update
  patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
  (git-fixes CVE-2022-48693 bsc#1223963).
- Update
  patches.suse/thermal-int340x_thermal-handle-data_vault-when-the-v.patch
  (bsc#1201308 CVE-2022-48703 bsc#1223924).
- Update patches.suse/vfio-type1-Unpin-zero-pages.patch (git-fixes
  CVE-2022-48700 bsc#1223957).
- commit c8677b5

- packet: annotate data-races around ignore_outgoing
  (CVE-2024-26862 bsc#1223111).
- commit 6e591e7

- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
  (CVE-2024-0639 bsc#1218917).
- commit 517d4f7

- Update
  patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
  (CVE-2022-48662 bsc#1223505).
  Unbreak metadata (References: collides with our internal tracking,
  switch to Fixes: when referencing a commit).
- commit cd38265

- Update
  patches.suse/IB-core-Fix-a-nested-dead-lock-as-part-of-ODP-flow.patch
  (git-fixes CVE-2022-48675 bsc#1223894).
- Update
  patches.suse/drm-gma500-Fix-BUG-sleeping-function-called-from-inv.patch
  (git-fixes CVE-2022-48634 bsc#1223501).
- Update
  patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
  (CVE-2022-48662 bsc#1223505a4e7ccdac38e ("drm/i915: Move
  context management under GEM") bsc#1223505).
- Update
  patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch
  (git-fixes CVE-2022-48632 bsc#1223481).
- Update
  patches.suse/ice-Fix-crash-by-keep-old-cfg-when-update-TCs-more-t.patch
  (git-fixes CVE-2022-48652 bsc#1223520).
- Update
  patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
  (git-fixes CVE-2022-48636 bsc#1223512).
- commit 523501c

- pstore: inode: Only d_invalidate() is needed (bsc#1223705
  CVE-2024-27389).
- commit bbe965a

- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
  bsc#1223824).
- commit e3d9ce5

- Update
  patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch
  (bsc#1206881 bsc#1223475 CVE-2022-48631).
- commit 718df1c

- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
  (CVE-2024-26852 bsc#1223057)
- commit d89430d

- md/raid5: fix atomicity violation in raid5_cache_count
  (bsc#1219169, CVE-2024-23307).
- commit d2d22f0

- kABI workaround for cec_adapter (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid confusing "transmit timed out" message
  (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid recursive cec_claim_log_addrs
  (CVE-2024-23848 bsc#1219104).
- media: cec: cec-api: add locking in cec_release()
  (CVE-2024-23848 bsc#1219104).
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
  (CVE-2024-23848 bsc#1219104).
- commit 5f84bce

- media: cec: abort if the current transmit was canceled
  (CVE-2024-23848 bsc#1219104).
- commit f23b730

- Update
  patches.suse/gpio-mockup-fix-NULL-pointer-dereference-when-removi.patch
  (git-fixes CVE-2022-48663 bsc#1223523).
- commit fb50f4d

- Update
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
  (bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 1b1d545

- Update
  patches.suse/sfc-fix-TX-channel-offset-when-using-legacy-interrup.patch
  (git-fixes CVE-2022-48647 bsc#1223519).
- commit 2df3009

- Update
  patches.suse/smb3-fix-temporary-data-corruption-in-insert-range.patch
  (bsc#1193629 CVE-2022-48667 bsc#1223518).
- commit 2544640

- Update
  patches.suse/bnxt-prevent-skb-UAF-after-handing-over-to-PTP-worke.patch
  (jsc#SLE-18978 CVE-2022-48637 bsc#1223517).
- commit 8af9f52

- Update
  patches.suse/smb3-fix-temporary-data-corruption-in-collapse-range.patch
  (bsc#1193629 CVE-2022-48668 bsc#1223516).
- commit ea57df6

- drm/i915/gem: Really move i915_gem_context.link under ref
  protection (CVE-2022-48662 bsc#1223505).
- commit 1ea0422

- Update
  patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
  (bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit ecd523c

- Update
  patches.suse/sfc-fix-null-pointer-dereference-in-efx_hard_start_x.patch
  (git-fixes CVE-2022-48648 bsc#1223503).
- commit 2cd307a

- Update
  patches.suse/gpiolib-cdev-Set-lineevent_state-irq-after-IRQ-regis.patch
  (git-fixes CVE-2022-48660 bsc#1223487).
- commit 30d7811

- Update
  patches.suse/arm64-topology-fix-possible-overflow-in-amu_fie_setu.patch
  (git-fixes CVE-2022-48657 bsc#1223484).
- commit d7e1659

- Update
  patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
  (bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit a8a2952

- Update
  patches.suse/dmaengine-ti-k3-udma-private-Fix-refcount-leak-bug-i.patch
  (git-fixes CVE-2022-48656 bsc#1223479).
- commit 90546f3

- Update
  patches.suse/ice-Don-t-double-unplug-aux-on-peer-initiated-reset.patch
  (git-fixes CVE-2022-48653 bsc#1223474).
- commit dba84ad

- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
  (bsc#1223513 CVE-2022-48651).
- commit c96a663

- Update patches.suse/firmware-arm_scmi-Harden-accesses-to-the-reset-domai.patch (git-fixes CVE-2022-48655 bsc#1223477)
- commit 2dabafb

- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- commit 18e662b

- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- commit 23bb7e0

- Update
  patches.suse/spi-spi-zynqmp-gqspi-Handle-error-for-dma_set_mask.patch
  (git-fixes CVE-2021-47047 bsc#1220761).
- commit 1f6461d

- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
  (CVE-2023-52616 bsc#1221612).
- commit 6fa74bc

- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 9c9dbbd

- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit 9bcfc48

- Update
  patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
  (bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 5a56f33

- Update
  patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
  (bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- commit 1a4ee0a

- powerpc/kasan: Don't instrument non-maskable or raw interrupts
  (bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
  - Refresh patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
- commit c442aed

- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt
  (bsc#1221645 ltc#205739 bsc#1223191).
- commit 9826a2e

- Update
  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
- Update
  patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
  (CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit ac0df3e

- Update
  patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
  (git-fixes CVE-2021-47207 bsc#1222790).
- Update
  patches.suse/ALSA-usb-audio-fix-null-pointer-dereference-on-point.patch
  (bsc#1192354 CVE-2021-47211 bsc#1222869).
- Update
  patches.suse/RDMA-core-Set-send-and-receive-CQ-before-forwarding-.patch
  (jsc#SLE-19249 CVE-2021-47196 bsc#1222773).
- Update
  patches.suse/arm64-dts-qcom-msm8998-Fix-CPU-L2-idle-state-latency.patch
  (git-fixes CVE-2021-47187 bsc#1222703).
- Update
  patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
  (git-fixes CVE-2021-47194 bsc#1222829).
- Update
  patches.suse/clk-sunxi-ng-Unregister-clocks-resets-when-unbinding.patch
  (git-fixes CVE-2021-47205 bsc#1222888).
- Update
  patches.suse/drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
  (git-fixes CVE-2021-47200 bsc#1222838).
- Update
  patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
  (jsc#SLE-18378 CVE-2021-47184 bsc#1222666).
- Update
  patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
  (jsc#SLE-18385 CVE-2021-47201 bsc#1222792).
- Update
  patches.suse/msft-hv-2480-x86-hyperv-Fix-NULL-deref-in-set_hv_tscchange_cb-if-.patch
  (git-fixes CVE-2021-47217 bsc#1222836).
- Update
  patches.suse/net-dpaa2-eth-fix-use-after-free-in-dpaa2_eth_remove.patch
  (git-fixes CVE-2021-47204 bsc#1222787).
- Update
  patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
  (jsc#SLE-19253 CVE-2021-47212 bsc#1222709).
- Update
  patches.suse/net-mlx5e-CT-Fix-multiple-allocations-and-memleak-of.patch
  (jsc#SLE-19253 CVE-2021-47199 bsc#1222785).
- Update
  patches.suse/net-mlx5e-kTLS-Fix-crash-in-RX-resync-flow.patch
  (jsc#SLE-19253 CVE-2021-47215 bsc#1222704).
- Update
  patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
  (jsc#SLE-19253 CVE-2021-47197 bsc#1222776).
- Update
  patches.suse/sched-fair-Prevent-dead-task-groups-from-regaining-cfs_rq-s.patch
  (bsc#1192837 CVE-2021-47209 bsc#1222796).
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
  (git-fixes CVE-2021-47216 bsc#1222876).
- Update
  patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs
  (git-fixes CVE-2021-47192 bsc#1222867).
- Update
  patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
  (bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
  patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
  (bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
  patches.suse/scsi-pm80xx-Fix-memory-leak-during-rmmod.patch
  (git-fixes CVE-2021-47193 bsc#1222879).
- Update
  patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
  (git-fixes CVE-2021-47191 bsc#1222866).
- Update
  patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
  (git-fixes CVE-2021-47219 bsc#1222824).
- Update patches.suse/scsi-ufs-core-Improve-SCSI-abort-handling
  (git-fixes CVE-2021-47188 bsc#1222671).
- Update
  patches.suse/selinux-fix-NULL-pointer-dereference-when-hashtab-al.patch
  (git-fixes CVE-2021-47218 bsc#1222791).
- Update
  patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch
  (stable-5.14.21 CVE-2021-47202 bsc#1222878).
- Update
  patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
  (git-fixes CVE-2021-47185 bsc#1222669).
- Update
  patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
  (git-fixes CVE-2021-47206 bsc#1222894).
- Update
  patches.suse/usb-typec-tipd-Remove-WARN_ON-in-tps6598x_block_read.patch
  (git-fixes CVE-2021-47210 bsc#1222901).
- commit 48b69db

- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
  bsc#1221299).
- commit e7967c5

- xen/events: close evtchn after mapping cleanup (CVE-2024-26687,
  bsc#1222435).
- commit eb41ab9

- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit b98055d

- ext4: regenerate buddy after block freeing failed if under fc
  replay (bsc#1220342 CVE-2024-26601).
- commit c12e20f

- blacklist.conf: Blacklist 83e80a6e3543f3
- commit 62a580e

- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
  (bsc#1222721 CVE-2024-26764).
- commit b81d662

- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via
  libaio (bsc#1222721 CVE-2024-26764).
- commit 6f0ed6e

- ext4: avoid allocating blocks from corrupted group in
  ext4_mb_try_best_found() (bsc#1222618 CVE-2024-26773).
- commit 821043d

- Update patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch (stable-5.14.21 CVE-2021-47202 bsc#1222878)
- commit 9b2ed28

- Update references in
  patches.suse/ocfs2-Avoid-touching-renamed-directory-if-parent-doe.patch
  (bsc#1221044 bsc#1221088 CVE-2023-52591 CVE-2023-52590).
- commit 6a6852e

- Update patches.suse/spi-fix-use-after-free-of-the-add_lock-mutex.patch (git-fixes CVE-2021-47195 bsc#1222832)
- commit e8d48f1

- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (bsc#1222726 CVE-2024-26766)
- commit dc4bba0

- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- commit af79c3f

- md/raid5: fix atomicity violation in raid5_cache_count
  (bsc#1219169, CVE-2024-23307).
- commit 7709383

- Update
  patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
  (git-fixes CVE-2021-47189 bsc#1222706).
- commit 95bc72d

- Update
  patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
  (git-fixes CVE-2021-47185).
- commit de9e1db

- Update
  patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
  (bsc#1192145 CVE-2021-47183 bsc#1222664).
- commit 720685d

- Update
  patches.suse/scsi-core-Fix-scsi_mode_sense-buffer-length-handling.patch
  (git-fixes CVE-2021-47182 bsc#1222662).
- commit 641c737

- Update
  patches.suse/usb-musb-tusb6010-check-return-value-after-calling-p.patch
  (git-fixes CVE-2021-47181 bsc#1222660).
- commit 27da195

- ceph: prevent use-after-free in encode_cap_msg() (CVE-2024-26689
  bsc#1222503).
- commit c307f9b

- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
  (bsc#1222619).
- commit 900d642

- arp: Prevent overflow in arp_req_get() (CVE-2024-26733
  bsc#1222585).
- commit aed9764

- net/sched: act_mirred: don't override retval if we already
  lost the skb (CVE-2024-26733 bsc#1222585).
- commit 57213f3

- Update
  patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
  (bsc#1219126 CVE-2024-23850 CVE-2024-26727 bsc#1222536).
- commit 9619dfe

- ext4: fix double-free of blocks due to wrong extents moved_len
  (bsc#1222422 CVE-2024-26704).
- commit 4e96ad3

- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
  (bsc#1219264 CVE-2024-0841).
- commit aa8204a

- nfsd: Fix error cleanup path in nfsd_rename() (bsc#1221044
  CVE-2023-52591).
- commit a849be1

- scsi: pm80xx: Avoid leaking tags when processing
  OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
  cve-2023-52500).
- commit fc88013

- Update
  patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
  (CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
- commit fd3aabc

- selinux: saner handling of policy reloads (bsc#1222230 bsc#1221044
  CVE-2023-52591).
- commit 66a189d

- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
  (bsc#1209657 CVE-2023-0160).
- commit 989b8c6

- blacklist.conf: omit reverted sockmap deadlock fix
- commit 397323e

- x86/sev: Harden #VC instruction emulation somewhat (CVE-2024-25742 bsc#1221725).
- commit 2e3eba1

- netfilter: nf_tables: disallow anonymous set with timeout flag
  (CVE-2024-26642 bsc#1221830).
- commit 02a907f

- netfilter: ctnetlink: fix possible refcount leak in
  ctnetlink_create_conntrack() (CVE-2023-7192 bsc#1218479).
- commit 0b47032

- README.BRANCH: Remove copy of branch name
- commit 4834fba

- README.BRANCH: Remove copy of branch name
- commit 704bda3

- ipv6: init the accept_queue's spinlocks in inet6_create
  (bsc#1221293 CVE-2024-26614).
- commit 0ab8c0f

- tcp: make sure init the accept_queue's spinlocks once
  (bsc#1221293 CVE-2024-26614).
- commit 943f002

- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
  (CVE-2023-52607 bsc#1221061).
- commit 36feafa

- Update
  patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch
  (git-fixes CVE-2023-52519 bsc#1220920).
- Update
  patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch
  (git-fixes CVE-2023-52529 bsc#1220929).
- Update
  patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch
  (git-fixes CVE-2023-52474 bsc#1220445).
- Update
  patches.suse/RDMA-siw-Fix-connection-failure-handling.patch
  (git-fixes CVE-2023-52513 bsc#1221022).
- Update
  patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch
  (git-fixes CVE-2023-52515 bsc#1221048).
- Update
  patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch
  (git-fixes CVE-2023-52564 bsc#1220938).
- Update
  patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch
  (bsc#1220251 CVE-2023-52447 CVE-2023-52621 bsc#1222073).
- Update
  patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch
  (git-fixes CVE-2023-52510 bsc#1220898).
- Update
  patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch
  (git-fixes CVE-2023-52524 bsc#1220927).
- Update
  patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch
  (git-fixes CVE-2023-52528 bsc#1220843).
- Update
  patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch
  (git-fixes CVE-2023-52507 bsc#1220833).
- Update
  patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch
  (git-fixes CVE-2023-52566 bsc#1220940).
- Update
  patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch
  (bsc#1214842 CVE-2023-52508 bsc#1221015).
- Update
  patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356 CVE-2023-52454 bsc#1220320).
- Update
  patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch
  (git-fixes CVE-2023-52520 bsc#1220921).
- Update
  patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch
  (bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836).
- Update
  patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch
  (git-fixes CVE-2023-52501 bsc#1220885).
- Update
  patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch
  (git-fixes CVE-2023-52567 bsc#1220839).
- Update
  patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch
  (git-fixes CVE-2023-52517 bsc#1221055).
- Update
  patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch
  (git-fixes CVE-2023-52511 bsc#1221012).
- Update
  patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch
  (git-fixes CVE-2023-52525 bsc#1220840).
- Update
  patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch
  (git-fixes CVE-2023-52504 bsc#1221553).
- Update
  patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch
  (git-fixes CVE-2023-52575 bsc#1220871).
- commit 5f353b0

- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
  (bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366).
- Update
  patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch
  (git-fixes CVE-2022-48629 bsc#1220989).
- Update
  patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch
  (git-fixes CVE-2022-48630 bsc#1220990).
- commit f8cf886

- Update
  patches.suse/ALSA-hda-intel-sdw-acpi-harden-detection-of-controll.patch
  (git-fixes CVE-2021-46926 bsc#1220478).
- Update
  patches.suse/ALSA-rawmidi-fix-the-uninitalized-user_pversion.patch
  (git-fixes CVE-2021-47096 bsc#1220981).
- Update
  patches.suse/IB-qib-Fix-memory-leak-in-qib_user_sdma_queue_pkts.patch
  (git-fixes CVE-2021-47104 bsc#1220960).
- Update
  patches.suse/Input-elantech-fix-stack-out-of-bound-access-in-elan.patch
  (git-fixes CVE-2021-47097 bsc#1220982).
- Update
  patches.suse/KVM-x86-mmu-Don-t-advance-iterator-after-restart-due.patch
  (git-fixes CVE-2021-47094 bsc#1221551).
- Update patches.suse/NFSD-Fix-READDIR-buffer-overflow.patch
  (git-fixes bsc#1196346 CVE-2021-47107 bsc#1220965).
- Update
  patches.suse/asix-fix-uninit-value-in-asix_mdio_read.patch
  (git-fixes CVE-2021-47101 bsc#1220987).
- Update
  patches.suse/drm-mediatek-hdmi-Perform-NULL-pointer-check-for-mtk.patch
  (git-fixes CVE-2021-47108 bsc#1220986).
- Update
  patches.suse/hwmon-lm90-Prevent-integer-overflow-underflow-in-hys.patch
  (git-fixes CVE-2021-47098 bsc#1220983).
- Update
  patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch
  (git-fixes CVE-2021-47100 bsc#1220985).
- Update
  patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch
  (bsc#1193490 CVE-2021-47095 bsc#1220979).
- Update
  patches.suse/mac80211-fix-locking-in-ieee80211_start_ap-error-pat.patch
  (git-fixes CVE-2021-47091 bsc#1220959).
- Update
  patches.suse/net-fix-use-after-free-in-tw_timer_handler.patch
  (bsc#1217195 CVE-2021-46936 bsc#1220439).
- Update
  patches.suse/net-marvell-prestera-fix-incorrect-structure-access.patch
  (git-fixes CVE-2021-47102 bsc#1221009).
- Update
  patches.suse/net-smc-fix-kernel-panic-caused-by-race-of-smc_sock
  (git-fixes CVE-2021-46925 bsc#1220466).
- Update
  patches.suse/nitro_enclaves-Use-get_user_pages_unlocked-call-to-handle-mmap-assert.patch
  (git fixes (mm/gup) CVE-2021-46927 bsc#1220443).
- Update
  patches.suse/platform-x86-intel_pmc_core-fix-memleak-on-registrat.patch
  (git-fixes CVE-2021-47093 bsc#1220978).
- Update patches.suse/sctp-use-call_rcu-to-free-endpoint.patch
  (CVE-2022-20154 bsc#1200599 CVE-2021-46929 bsc#1220482).
- Update patches.suse/tee-optee-Fix-incorrect-page-free-bug.patch
  (jsc#SLE-21844 CVE-2021-47087 bsc#1220954).
- Update
  patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
  (bsc#1209635 CVE-2022-4744 git-fixes CVE-2021-47082
  bsc#1220969).
- Update
  patches.suse/usb-gadget-f_fs-Clear-ffs_eventfd-in-ffs_data_clear.patch
  (git-fixes CVE-2021-46933 bsc#1220487).
- Update patches.suse/usb-mtu3-fix-list_head-check-warning.patch
  (git-fixes CVE-2021-46930 bsc#1220484).
- Update
  patches.suse/veth-ensure-skb-entering-GRO-are-not-cloned.patch
  (git-fixes CVE-2021-47099 bsc#1220955).
- commit b15f74e

- wifi: ath10k: fix NULL pointer dereference in
  ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336
  CVE-2023-7042).
- commit 1784f9f

- x86/sev: Harden #VC instruction emulation somewhat (CVE-2024-25742 bsc#1221725).
- commit 02ed75a

- dmaengine: fix NULL pointer in channel unregistration function (bsc#1221276 CVE-2023-52492)
- commit f21c2ab

- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
  (bsc#1219170 CVE-2024-22099).
- commit ece27a6

- perf/x86/lbr: Filter vsyscall addresses (bsc#1220703,
  CVE-2023-52476).
- commit c52b506

- fs: introduce lock_rename_child() helper (bsc#1221044
  CVE-2023-52591).
  Refresh patches.suse/fs-Establish-locking-order-for-unrelated-directories.patch
- commit 86376e0

- rename(): avoid a deadlock in the case of parents having no
  common ancestor (bsc#1221044 CVE-2023-52591).
- commit 16e3098

- kill lock_two_inodes() (bsc#1221044 CVE-2023-52591).
- commit 8b8deef

- rename(): fix the locking of subdirectories (bsc#1221044
  CVE-2023-52591).
- commit 146d81f

- f2fs: Avoid reading renamed directory if parent does not change
  (bsc#1221044 CVE-2023-52591).
- commit 5344280

- ext4: don't access the source subdirectory content on
  same-directory rename (bsc#1221044 CVE-2023-52591).
- commit b2b6374

- ext2: Avoid reading renamed directory if parent does not change
  (bsc#1221044 CVE-2023-52591).
- commit 2edcc11

- udf_rename(): only access the child content on cross-directory
  rename (bsc#1221044 CVE-2023-52591).
- commit 0257614

- ocfs2: Avoid touching renamed directory if parent does not
  change (bsc#1221044 CVE-2023-52591).
- commit e786f3a

- reiserfs: Avoid touching renamed directory if parent does not
  change (git-fixes bsc#1221044 CVE-2023-52591).
  Refresh patches.suse/reiserfs-add-check-to-detect-corrupted-directory-entry.patch
  Refresh patches.suse/reiserfs-don-t-panic-on-bad-directory-entries.patch
- commit 523ddca

- fs: don't assume arguments are non-NULL (bsc#1221044
  CVE-2023-52591).
- commit 2177893

- fs: Restrict lock_two_nondirectories() to non-directory inodes
  (bsc#1221044 CVE-2023-52591).
- commit a59a7cb

- fs: ocfs2: check status values (bsc#1221044 CVE-2023-52591).
- commit 8c6576f

- perf/x86/intel/uncore: Fix NULL pointer dereference issue in
  upi_fill_topology() (bsc#1220237, CVE-2023-52450).
- commit 246b58a

- net/sched: Add module alias for sch_fq_pie (bsc#1210335 CVE-2023-1829).
- commit a69d933

- net/sched: Remove alias of sch_clsact (bsc#1210335 CVE-2023-1829).
- net/sched: Load modules via their alias (bsc#1210335 CVE-2023-1829).
- net/sched: Add module aliases for cls_,sch_,act_ modules
  (bsc#1210335 CVE-2023-1829).
- net/sched: Add helper macros with module names (bsc#1210335 CVE-2023-1829).
- commit 961c535

- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is  set (bsc#1213456 CVE-2023-28746).
- commit 4fed4e6

- Sort upstream patches
- Refresh
  patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch.
- Refresh
  patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch.
- Refresh
  patches.suse/x86-entry-ia32-Ensure-s32-is-sign-extended-to-s64.patch.
- Refresh
  patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch.
- commit f172e12

- Refresh patches.kabi/team-Hide-new-member-header-ops.patch.
  Fix for kABI workaround.
- commit 6ba2f5d

- ceph: fix deadlock or deadcode of misusing dget() (bsc#1221058
  CVE-2023-52583).
- commit 1a81018

- netfs: Only call folio_start_fscache() one time for each folio
  (CVE-2023-52582 bsc#1220878).
- commit dfd082b

- Refresh
  patches.suse/mm-ima-kexec-of-use-memblock_free_late-from-ima_free.patch.
  Fix:
  * Section mismatch (function ima_free_kexec_buffer()) in modpost: vmlinux.o in ima_free_kexec_buffer()
  WARNING: modpost: vmlinux.o(.text+0xac1250): Section mismatch in reference from the function ima_free_kexec_buffer() to the function .init.text:__memblock_free_late()
- commit 5522f01

- powerpc/pseries/iommu: IOMMU table is not initialized for
  kdump over SR-IOV (bsc#1220492 ltc#205270).
- commit 535ea22

- Update
  patches.suse/usb-hub-Guard-against-accesses-to-uninitialized-BOS-.patch
  (bsc#1220790 CVE-2023-52477).
- commit d33bab7

- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (bsc#1220413 CVE-2023-52470).
- commit 9d7d799

- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (bsc#1220411 CVE-2023-52469).
- commit f4f0cf4

- group-source-files.pl: Quote filenames (boo#1221077).
  The kernel source now contains a file with a space in the name.
  Add quotes in group-source-files.pl to avoid splitting the filename.
  Also use -print0 / -0 when updating timestamps.
- commit a005e42

- mm,ima,kexec,of: use memblock_free_late from
  ima_free_kexec_buffer (bsc#1220872 CVE-2023-52576).
- commit b1b1c9a

- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1220340,CVE-2024-26600)
- commit 78e2b4a

- erofs: fix lz4 inplace decompression (CVE-2023-52497
  bsc#1220879).
- commit ddeedf9

- ACPI: extlog: fix NULL pointer dereference check (bsc#1221039
  CVE-2023-52605).
- commit 635c481

- kernel-binary: Fix i386 build
  Fixes: 89eaf4cdce05 ("rpm templates: Move macro definitions below buildrequires")
- commit f7c6351

- btrfs: remove BUG() after failure to insert delayed dir index
  item (bsc#1220918 CVE-2023-52569).
- btrfs: improve error message after failure to add delayed dir
  index item (bsc#1220918 CVE-2023-52569).
- commit 53e1d2d

- net: nfc: fix races in nfc_llcp_sock_get() and
  nfc_llcp_sock_get_sn() (CVE-2023-52502 bsc#1220831).
- commit 8c33586

- kabi: team: Hide new member header_ops (bsc#1220870
  CVE-2023-52574).
- commit 9f49992

- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392
  bsc#1221040 CVE-2023-52597).
- commit a90b87c

- kernel-binary: vdso: fix filelist for non-usrmerged kernel
  Fixes: a6ad8af207e6 ("rpm templates: Always define usrmerged")
- commit fb3f221

- bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
  (bsc#1220926 CVE-2023-52523).
- commit 90d9f50

- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
  (bsc#1218562 CVE-2023-6270).
- commit 57a4cd4

- efivarfs: force RO when remounting if SetVariable is not
  supported (bsc#1220328 CVE-2023-52463).
- commit eed7fb0

- iommu/vt-d: Avoid memory allocation in iommu_suspend()
  (CVE-2023-52559 bsc#1220933).
- commit c9b01ef

- Refresh patches.suse/0001-powerpc-pseries-memhp-Fix-access-beyond-end-of-drmem.patch.
  - update to upstream version
  - rename to same name as SLE15 SP5
- commit 1d2def1

- KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).
- commit 4aebf4f

- x86/rfds: Mitigate Register File Data Sampling (RFDS)  (bsc#1213456 CVE-2023-28746).
- Update config files.
- commit 29c1c99

- Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746).
- commit 81de603

- ravb: Fix use-after-free issue in ravb_tx_timeout_work()
  (bsc#1212514 CVE-2023-35827).
- team: fix null-ptr-deref when team device type is changed
  (bsc#1220870 CVE-2023-52574).
- commit 2cc53f5

- Update
  patches.suse/ice-xsk-return-xsk-buffers-back-to-pool-when-cleanin.patch
  (jsc#SLE-18375 bsc#1220961 CVE-2021-47105).
- Update patches.suse/net-mana-Fix-TX-CQE-error-handling.patch
  (bsc#1215986 bsc#1220932 CVE-2023-52532).
- Update
  patches.suse/net-mlx5e-Wrap-the-tx-reporter-dump-callback-to-extr.patch
  (jsc#SLE-19253 bsc#1220486 CVE-2021-46931).
  Added CVE references.
- commit 3e396c2

- Update patches.suse/i2c-validate-user-data-in-compat-ioctl.patch
  (git-fixes bsc#1220469 CVE-2021-46934).
  Add bug and CVE references.
- commit 3a04060

- wifi: mac80211: fix potential key use-after-free (CVE-2023-52530
  bsc#1220930).
- commit 3feca94

- Update patch reference for iwlwifi fix (CVE-2023-52531 bsc#1220931)
- commit bde87cf

- Update patch reference for pinctrl fix (CVE-2021-47083 bsc#1220917)
- commit b608623

- drm/bridge: sii902x: Fix probing race issue (bsc#1220736 CVE-2024-26607).
- commit 70198c4

- Update
  patches.suse/vt-fix-memory-overlapping-when-deleting-chars-in-the.patch
  (git-fixes bsc#1220845 CVE-2022-48627).
- Update
  patches.suse/x86-srso-add-srso-mitigation-for-hygon-processors.patch
  (git-fixes bsc#1220735 CVE-2023-52482).
  Add CVE references.
- commit dcdac38

- mfd: syscon: Fix null pointer dereference in
  of_syscon_register() (bsc#1220433 CVE-2023-52467).
- commit b0262b8

- bpf: Fix re-attachment branch in bpf_tracing_prog_attach
  (bsc#1220254 CVE-2024-26591).
- commit fc948d3

- selftests/bpf: Add test for alu on PTR_TO_FLOW_KEYS (bsc#1220255
  CVE-2024-26589).
- bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255
  CVE-2024-26589).
- commit 8a833ce

- iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (CVE-2023-52484 bsc#1220797).
- commit 2229de3

- tls: fix race between tx work scheduling and socket close
  (CVE-2024-26585 bsc#1220187).
- commit 1306bff

- kabi: restore return type of dst_ops::gc() callback
  (CVE-2023-52340 bsc#1219295).
- ipv6: remove max_size check inline with ipv4 (CVE-2023-52340
  bsc#1219295).
- commit b8eec42

- netfilter: nf_tables: fix 64-bit load issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit e095cd0

- netfilter: nft_set_pipapo: skip inactive elements during set
  walk (CVE-2023-6817 bsc#1218195).
- commit 4032aa7

- tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825
  CVE-2024-26622).
- commit c8e5b38

- doc/README.SUSE: Update information about module support status
  (jsc#PED-5759)
  Following the code change in SLE15-SP6 to have externally supported
  modules no longer taint the kernel, update the respective documentation
  in README.SUSE:
  * Describe that support status can be obtained at runtime for each
  module from /sys/module/$MODULE/supported and for the entire system
  from /sys/kernel/supported. This provides a way how to now check that
  the kernel has any externally supported modules loaded.
  * Remove a mention that externally supported modules taint the kernel,
  but keep the information about bit 16 (X) and add a note that it is
  still tracked per module and can be read from
  /sys/module/$MODULE/taint. This per-module information also appears in
  Oopses.
- commit 9ed8107

- btrfs: fix double free of anonymous device after snapshot
  creation failure (bsc#1219126 CVE-2024-23850).
- commit 257a534

- btrfs: do not ASSERT() if the newly created subvolume already
  got read (bsc#1219126 CVE-2024-23850).
- commit a2ac581

- bpf: Minor cleanup around stack bounds (bsc#1220257
  CVE-2023-52452).
- bpf: Fix accesses to uninit stack slots (bsc#1220257
  CVE-2023-52452).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
  (git-fixes).
- commit 7d03125

- serial: 8250: omap: Don't skip resource freeing if
  pm_runtime_resume_and_get() failed (bsc#1220350 CVE-2023-52457).
- commit c82f528

- serial: imx: fix tx statemachine deadlock (bsc#1220364
  CVE-2023-52456).
- commit cd9f92c

- powerpc/pseries/memhp: Fix access beyond end of drmem array
  (bsc#1220250,CVE-2023-52451).
- commit fdc7254

- Update patch reference for input fix (CVE-2021-46932 bsc#1220444)
- commit e44e0b1

- Update patches.suse/i2c-Fix-a-potential-use-after-free.patch
  (git-fixes bsc#1220409 CVE-2019-25162).
  Add bug and CVE references.
- commit 6df4ebd

- efivarfs: force RO when remounting if SetVariable is not
  supported (bsc#1220328 CVE-2023-52463).
- commit 3cfef52

- btrfs: fix double free of anonymous device after snapshot
  creation failure (bsc#1219126 CVE-2024-23850).
- commit f8ba729

- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
  (bsc#1220238 CVE-2023-52449).
- commit c132b67

- fs/mount_setattr: always cleanup mount_kattr (bsc#1220457
  CVE-2021-46923).
- commit 89afe2f

- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
  CVE-2023-52447).
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
  CVE-2023-52447).
- commit bec1c61

- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
  CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
  CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
  CVE-2023-52447).
- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
  CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
  CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
  CVE-2023-52447).
- commit aa6db76

- Update patch reference for HID fix (CVE-2023-52478 bsc#1220796)
- commit 4aec836

- Update patch reference for input fix (CVE-2023-52475 bsc#1220649)
- commit 00a87c8

- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation
  cache (bsc#1220326, CVE-2024-26598).
- commit 74fd0dd

- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (bsc#1220335, CVE-2024-26603).
- commit 4cbbdbf

- Update patch reference for NFC fix (CVE-2021-46924 bsc#1220459)
- commit 8ac32a8

- media: pvrusb2: fix use after free on context disconnection
  (CVE-2023-52445 bsc#1220241).
- commit e4643a5

- uio: Fix use-after-free in uio_open (bsc#1220140
  CVE-2023-52439).
- commit fbf52b1

- apparmor: avoid crash when parsed profile name is empty
  (CVE-2023-52443 bsc#1220240).
- commit 732bc93

- btrfs: do not ASSERT() if the newly created subvolume already
  got read (bsc#1219126 CVE-2024-23850).
- commit 087f1fb

- sched/membarrier: reduce the ability to hammer on sys_membarrier
  (git-fixes, bsc#1220398, CVE-2024-26602).
- commit 6f61ce3

- i2c: i801: Fix block process call transactions (bsc#1220009
  CVE-2024-26593).
- commit 1b64da9

- mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243
  CVE-2024-26586).
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
  error path (bsc#1220344 CVE-2024-26595).
- commit 6e8b589

- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330, CVE-2023-52464)
- commit 369d1fd

- Drop 2 git-fixes patches which are suspicious to introduce regression
  reported in bsc#1219073,
  - patches.suse/md-Set-MD_BROKEN-for-RAID1-and-RAID10-9631.patch.
  - patches.suse/md-raid1-free-the-r1bio-before-waiting-for-blocked-r-992d.patch.
- Refresh patches.suse/md-display-timeout-error.patch for the above
  change.
- commit 4ecd26a

- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
  (bsc#1220253 CVE-2023-52448).
- commit 12cdab5

- rpm templates: Always define usrmerged
  usrmerged is now defined in kernel-spec-macros and not the distribution.
  Only check if it's defined in kernel-spec-macros, not everywhere where
  it's used.
- commit a6ad8af

- nvme: remove nvme_alloc_request and nvme_alloc_request_qid
  (bsc#1214064).
  Refresh:
  - patches.suse/nvme-tcp-delay-error-recovery-until-the-next-kato.patch
- commit 6fc2117

- rpm templates: Move macro definitions below buildrequires
  Many of the rpm macros defined in the kernel packages depend directly or
  indirectly on script execution. OBS cannot execute scripts which means
  values of these macros cannot be used in tags that are required for OBS
  to see such as package name, buildrequires or buildarch.
  Accumulate macro definitions that are not directly expanded by mkspec
  below buildrequires and buildarch to make this distinction clear.
- commit 89eaf4c

- rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE
  Introduced by commit 68fb3ca0e408 ("update workarounds for gcc "asm
  goto" issue").
- commit be1bdab

- net: openvswitch: limit the number of recursions from action
  sets (bsc#1219835 CVE-2024-1151).
- commit ed2fd55

- README.BRANCH: use correct mail for Roy
- commit 6f3c32f

- compute-PATCHVERSION: Do not produce output when awk fails
  compute-PATCHVERSION uses awk to produce a shell script that is
  subsequently executed to update shell variables which are then printed
  as the patchversion.
  Some versions of awk, most notably bysybox-gawk do not understand the
  awk program and fail to run. This results in no script generated as
  output, and printing the initial values of the shell variables as
  the patchversion.
  When the awk program fails to run produce 'exit 1' as the shell script
  to run instead. That prevents printing the stale values, generates no
  output, and generates invalid rpm spec file down the line. Then the
  problem is flagged early and should be easier to diagnose.
- commit 8ef8383

- nvme: move nvme_stop_keep_alive() back to original position
  (bsc#1211515).
- commit b945fa0

- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- commit 636fc4c

- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
  Also add the removed mds_user_clear symbol to kABI severities as it is
  exposed just for KVM module and is generally a core kernel component so
  removing it is low risk.
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- commit 5b0be3c

- netfilter: nf_tables: disallow rule removal from chain binding
  (bsc#1218216 CVE-2023-5197).
- commit d7a1a4d

- netfilter: nf_tables: skip bound chain in netns release path
  (bsc#1218216 CVE-2023-5197).
- commit af879c8

- nvme: start keep-alive after admin queue setup (bsc#1211515).
- commit 13f904b

- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
  (bsc#1219127 CVE-2024-23849).
- commit 43577c1

- kernel-binary: Move build script to the end
  All other spec templates have the build script at the end, only
  kernel-binary has it in the middle. Align with the other templates.
- commit 98cbdd0

- rpm templates: Aggregate subpackage descriptions
  While in some cases the package tags, description, scriptlets and
  filelist are located together in other cases they are all across the
  spec file. Aggregate the information related to a subpackage in one
  place.
- commit 8eeb08c

- rpm templates: sort rpm tags
  The rpm tags in kernel spec files are sorted at random.
  Make the order of rpm tags somewhat more consistent across rpm spec
  templates.
- commit 8875c35

- dm: limit the number of targets and parameter size area
  (bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
- commit 26dc83e

- Fix unresolved hunks in README.BRANCH
- commit 99bb861

- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- commit b6a1f9a

- vhost: use kzalloc() instead of kmalloc() followed by memset()
  (CVE-2024-0340, bsc#1218689).
- commit 4c5a740

- README.BRANCH: Update cve/linux-5.14 maintainers
  Add myself to match SLE15-SP5 consumer + fix typo in branch name.
- commit da26653

- Refresh patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch.
  Accidentally removed nfs4_get_stateowner
- commit d77a474

- kernel-binary: certs: Avoid trailing space
- commit bc7dc31

- Bluetooth: Fix atomicity violation in {min,max}_key_size_set
  (git-fixes bsc#1219608 CVE-2024-24860).
- commit a1186fd

- README.BRANCH: update branch name to cve/linux-5.14, update maintainers
  as requested
- commit 8e34879

- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
  (bsc#1219653)
  They are put into -devel subpackage. And a proper link to
  /usr/share/gdb/auto-load/ is created.
- commit 1dccf2a

- netfilter: nf_tables: check if catch-all set element is active
  in next generation (CVE-2024-1085 bsc#1219429).
- commit 7b3f4c4

- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  (CVE-2024-1086 bsc#1219434).
- commit 5f917ff

- Update
  patches.suse/drm-amdgpu-Fix-potential-fence-use-after-free-v2.patch
  (bsc#1219128 CVE-2023-51042 git-fixes).
- commit 4b937fc

- rpm/mkspec: sort entries in _multibuild
  Otherwise it creates unnecessary diffs when tar-up-ing. It's of course
  due to readdir() using "random" order as served by the underlying
  filesystem.
  See for example:
  https://build.opensuse.org/request/show/1144457/changes
- commit d1155de

- Revert "tracing: Increase trace array ref count on enable and
  filter files" (bsc#1219490).
  Deleted:
  patches.suse/tracing-Increase-trace-array-ref-count-on-enable-and-filter-files.patch
  patches.suse/tracing-Have-event-inject-files-inc-the-trace-array-ref-count.patch
  Backported commit f5ca233e2e66 ("tracing: Increase trace array ref count
  on enable and filter files") causes a kernel panic and its upstream
  fix-up bb32500fb9b7 ("tracing: Have trace_event_file have ref counters")
  cannot be easily backported because it affects kABI. Revert the commit
  and its one related + dependent patch, at least for now.
- commit 90d885a

- README.BRANCH: SLE15-SP4 became LTSS, update maintainers
- commit 94325df

- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
  bsc#1218730).
- commit 658d424

- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
  XSA-448, bsc#1218836).
- commit 9a897ff

- Update
  patches.suse/ext4-fix-kernel-BUG-in-ext4_write_inline_data_end.patch
  (CVE-2021-33631 bsc#1219412 bsc#1206894).
- commit 96c942c

- kabi, vmstat: skip periodic vmstat update for isolated CPUs
  (bsc#1217895).
- commit 8cb5798

- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- trace,smp: Add tracepoints around remotelly called functions
  (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs
  (bsc#1217895).
- Refresh
  patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 668c0e0

- kernel-source: Fix description typo
- commit 8abff35

- nvmet-tcp: Fix the H2C expected PDU len calculation
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
  bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: fix a crash in nvmet_req_complete() (bsc#1217987
  bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
  PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
  CVE-2023-6536 CVE-2023-6356).
- commit d968940

- clocksource: Skip watchdog check for large watchdog intervals
  (bsc#1217217).
- commit 63b1d6d

- clocksource: disable watchdog checks on TSC when TSC is watchdog
  (bsc#1215885).
- commit 2f92dd8

- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968
  bsc#1219349).
- commit d38f35d

- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
  (CVE-2023-47233 bsc#1216702).
- commit 433859d

- rpm/constraints.in: set jobs for riscv to 8
  The same workers are used for x86 and riscv and the riscv builds take
  ages. So align the riscv jobs count to x86.
- commit b2c82b9

- net: sched: sch_qfq: Use non-work-conserving warning handler
  (CVE-2023-4921 bsc#1215275).
- commit b50ba0e

- mkspec: Use variant in constraints template
  Constraints are not applied consistently with kernel package variants.
  Add variant to the constraints template as appropriate, and expand it
  in mkspec.
- commit cc68ab9

- rpm/constraints.in: add static multibuild packages
  Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
  constraints on multibuild) added "kernel-source:" prefix to the
  dynamically generated kernels. But there are also static ones like
  kernel-docs. Those fail to build as the constraints are still not
  applied.
  So add the prefix also to the static ones.
  Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
  will ever be multibuilt...
- commit c2e0681

- Update
  patches.suse/drm-atomic-Fix-potential-use-after-free-in-nonblocki.patch
  (bsc#1219120 CVE-2023-51043 git-fixes).
- commit d004027

- Revert "Limit kernel-source build to architectures for which the kernel binary"
  This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
  The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a

- mkspec: Include constraints for both multibuild and plain package always
  There is no need to check for multibuild flag, the constraints can be
  always generated for both cases.
- commit 308ea09

- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
  Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b

- rpm/kernel-source.rpmlintrc: add action-ebpf
  Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
  plugin) added this precompiled binary blob. Adapt rpmlintrc for
  kernel-source.
- commit b5ccb33

- block: Fix kabi header include (bsc#1218929).
- commit 8f511ac

- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
  The previous change added the manual entry from kernel-sources.change.old
  to old_changelog.txt unnecessarily.  Let's fix it.
- commit fb033e8

- Update
  patches.suse/ext4-improve-error-recovery-code-paths-in-__ext4_rem.patch
  (bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit 97ea702

- block: free the extended dev_t minor later (bsc#1218930).
- commit 0972f94

- rpm/kernel-docs.spec.in: fix build with 6.8
  Since upstream commit f061c9f7d058 (Documentation: Document each netlink
  family), the build needs python yaml.
- commit 6a7ece3

- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- commit 6f3116b

- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- commit 605df5b

- netfilter: nf_tables: Reject tables of unsupported family
  (bsc#1218752 CVE-2023-6040).
- commit e03f1d3

- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
  btree_gc_coalesce() (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating
  (git-fixes).
- dm: don't lock fs when the map is NULL during suspend or resume
  (git-fixes).
- commit fe9ee72

- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
  CVE-2024-0641).
- commit c872674

- Update metadata
- commit d121b79

- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
  CVE-2024-0641).
- commit 7953be2

- Update metadata
- commit c015ae2

- smb: client: fix OOB in receive_encrypted_standard()
  (bsc#1218832 CVE-2024-0565).
- commit 3cac9c2

- ida: Fix crash in ida_free when the bitmap is empty (bsc#1218804
  CVE-2023-6915).
- commit 7caa324

- dm-integrity: don't modify bio's immutable bio_vec in
  integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
  (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set()
  (git-fixes).
- bcache: add code comments for bch_btree_node_get() and
  __bch_btree_node_alloc() (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up
  race (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx
  (git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
  (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size
  (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio
  (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices
  (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev
  (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header
  (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock
  (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting
  (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL
  (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
  progress (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr()
  (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
  error paths (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit
  architectures (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client
  (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
  consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
  (git-fixes).
- dm thin metadata: check fail_io before using data_sm
  (git-fixes).
- commit 7e800d7

- rbd: get snapshot context after exclusive lock is ensured to
  be held (git-fixes).
- Refresh for the above change,
  patches.suse/rbd-export-some-functions-used-by-lio-rbd-backend.patch.
  patches.suse/target_core_rbd-fix-rbd_img_request.snap_id-assignme.patch.
- commit dcd100d

- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- Rebased for the above change,
  patches.suse/rbd-add-support-for-COMPARE_AND_WRITE-CMPEXT.patch.
- commit b5f85f8

- nbd: Fix debugfs_create_dir error checking (git-fixes).
- dm: don't lock fs when the map is NULL in process of resume
  (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
  error path (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error
  path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
  (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- null_blk: Always check queue mode setting from configfs
  (git-fixes).
- dm stats: check for and propagate alloc_percpu failure
  (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- commit ad93a37

- dm thin: fix deadlock when swapping to thin device
  (bsc#1177529).
- Delete the in-house patch by the above upstream patch,
  patches.suse/Avoid-deadlock-for-recursive-I-O-on-dm-thin-when-used-as-swap-4905.patch.
- commit 13bcec1

- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create()
  fails (git-fixes).
- dm cache: add cond_resched() to various workqueue loops
  (git-fixes).
- dm thin: add cond_resched() to various workqueue loops
  (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: remove flush_scheduled_work() during local_exit()
  (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed
  block devices (git-fixes).
- loop: suppress uevents while reconfiguring the device
  (git-fixes).
- commit 2a9583d

- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- Refresh for the above change,
  patches.suse/0019-nbd-fix-io-hung-while-disconnecting-device.patch.
  patches.suse/0031-nbd-Fix-hung-when-signal-interrupts-nbd_start_device_ioctl.patch.
- commit 2cb1a83

- blacklist.conf: add non-backport git-fixes commit
- commit ab480ce

- dm verity: skip redundant verity_handle_err() on I/O errors
  (git-fixes).
- commit 7d823a7

- Update
  patches.kabi/NFS-Fix-another-fsync-issue-after-a-server-reboot.patch
  (git-fixes, bsc#1217670).
- commit 69dfe32

- blacklist.conf: df1c357f25d8 netfs: Only call folio_start_fscache() one time for each folio
- commit 049ab09

- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- commit 30bac4b

- Update patch reference for rose fix (CVE-2023-51782 bsc#1218757)
- commit da9f8e9

- blacklist.conf: c4d361f66ac9 fuse: share lookup state between submount and its parent
- commit 3180cfa

- powerpc/powernv: Add a null pointer check to
  scom_debug_init_one() (bsc#1194869).
- commit 5dce54b

- powerpc/pseries/iommu: enable_ddw incorrectly returns direct
  mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- commit f20e9a0

- powerpc/powernv: Add a null pointer check in opal_event_init()
  (bsc#1065729).
- commit 9ecfceb

- Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
  The old entries are found in kernel-docs/old_changelog.txt in docdir.
  rpm/old_changelog.txt can be an optional file that stores the similar
  info like rpm/kernel-sources.changes.old.  It can specify the commit
  range that have been truncated.  scripts/tar-up.sh expands from the
  git log accordingly.
- commit c9a2566
krb5
- Fix memory leaks, add patch 0012-Fix-two-unlikely-memory-leaks.patch
  * CVE-2024-26458, bsc#1220770
  * CVE-2024-26461, bsc#1220771
less
- Fix CVE-2024-32487, mishandling of \n character in paths when
  LESSOPEN is set leads to OS command execution
  (CVE-2024-32487, bsc#1222849)
  * CVE-2024-32487.patch

- Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell
  metacharacters, bsc#1219901
  * CVE-2022-48624.patch
util-linux
- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch
  util-linux-fputs_careful2.patch).

- Add upstream patch
  more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
  bsc#1220117 - L3-Question: Processes not cleaned up after failed SSH session are using up 100% CPU
expat
- Security fix (boo#1221289, CVE-2024-28757): XML Entity Expansion
  attack when there is isolated use of external parsers.
  * Added expat-CVE-2024-28757.patch

- Security fix:
  * (CVE-2023-52425, bsc#1219559) denial of service (resource
    consumption) caused by processing large tokens.
  - Added patch expat-CVE-2023-52425-1.patch
  - Added patch expat-CVE-2023-52425-2.patch
  - Added patch expat-CVE-2023-52425-backport-parser-changes.patch
  - Added patch expat-CVE-2023-52425-fix-tests.patch
mozilla-nss
- update to NSS 3.90.2
  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
    decryption in TLS. (bsc#1216198)
  * bmo#1867408 - add a defensive check for large ssl_DefSend
    return values.
gcc13
- Update to GCC 13.3 release

- Update to gcc-13 branch head, b7a2697733d19a093cbdd0e200, git8761
- Removed gcc13-pr111731.patch now included upstream

- Add gcc13-amdgcn-remove-fiji.patch removing Fiji support from
  the GCN offload compiler as that is requiring Code Object version 3
  which is no longer supported by llvm18.

- Add gcc13-pr101523.patch to avoid combine spending too much
  compile-time and memory doing nothing on s390x.  [boo#1188441]

- Make requirement to lld version specific to avoid requiring the
  meta-package.

- Add gcc13-pr111731.patch to fix unwinding for JIT code.
  [bsc#1221239]

- Revert libgccjit dependency change.  [boo#1220724]

- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.

- Use %patch -P N instead of %patchN.

- Add gcc13-sanitizer-remove-crypt-interception.patch to remove
  crypt and crypt_r interceptors.  The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]

- Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285
- Add gcc13-pr88345-min-func-alignment.diff to add support for
  - fmin-function-alignment.  [bsc#1214934]

- Use %{_target_cpu} to determine host and build.

- Update to gcc-13 branch head, fc7d87e0ffadca49bec29b2107, git8250
  * Includes fix for building TVM.  [boo#1218492]

- Add cross-X-newlib-devel requires to newlib cross compilers.
  [boo#1219031]

- Package m2rte.so plugin in the gcc13-m2 sub-package rather than
  in gcc13-devel.  [boo#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs
  are linked against libstdc++6.

- Update to gcc-13 branch head, 36ddb5230f56a30317630a928, git8205

- Update to gcc-13 branch head, 741743c028dc00f27b9c8b1d5, git8109
  * Includes fix for building mariadb on i686.  [bsc#1217667]
  * Remove pr111411.patch contained in the update.

- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]
gnutls
- Security fix: [bsc#1218862, CVE-2024-0567]
  * gnutls: rejects certificate chain with distributed trust
  * Cockpit (which uses gnuTLS) rejects certificate chain with
    distributed trust.
  * Add gnutls-CVE-2024-0567.patch

- Security fix: [bsc#1218865, CVE-2024-0553]
  * Incomplete fix for CVE-2023-5981.
  * The response times to malformed ciphertexts in RSA-PSK
    ClientKeyExchange differ from response times of ciphertexts
    with correct PKCS#1 v1.5 padding.
  * Add gnutls-CVE-2024-0553.patch

- Security fix: [bsc#1217277, CVE-2023-5981]
  * Fix timing side-channel inside RSA-PSK key exchange.
  * auth/rsa_psk: side-step potential side-channel
  * Add curl-CVE-2023-5981.patch

- FIPS: PBKDF2 additional requirements [bsc#1209001]
  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.
  * Add gnutls-FIPS-pbkdf2-additional-requirements.patch

- libgnutls: Increase the limit of TLS PSK usernames from 128 to
  65535 characters. [bsc#1208237, jsc#PED-1562]
  * Upstream: https://gitlab.com/gnutls/gnutls/commit/f032324a
  * Add gnutls-increase-TLS-PSK-username-limit.patch

- FIPS: Fix pct_test() return code in case of error [bsc#1207183]
  * Rebase with the upstream version: gnutls-FIPS-PCT-DH.patch

- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146]
  * Add gnutls-FIPS-jitterentropy-threadsafe.patch

- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Rebase patches with the version submitted upstream.
  * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch
  * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch

- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch

- FIPS: Change all the 140-2 references to FIPS 140-3 in order to
  account for the new FIPS certification [bsc#1207346]
  * Add gnutls-FIPS-140-3-references.patch

- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Add gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch

- Fix AVX CPU feature detection for OSXSAVE [bsc#1203299]
  * Fixes a SIGILL termination at the verzoupper instruction when
    trying to run GnuTLS on a Linux kernel with the noxsave command
    line parameter set. Relevant mostly for virutal systems.
  * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1282
  * Add gnutls-clear-AVX-bits-if-it-cannot-be-queried-XSAVE.patch

- FIPS: Set error state when jent init failed in FIPS mode [bsc#1202146]
  * Add patch gnutls-FIPS-Set-error-state-when-jent-init-failed.patch

- FIPS: Make XTS key check failure not fatal [bsc#1203779]
  * Add gnutls-Make-XTS-key-check-failure-not-fatal.patch
jitterentropy
- Fix a stack corruption on s390x: [bsc#1209627]
  * Output size of the STCKE command on s390x is 16 bytes, compared
    to 8 bytes of the STCK command. Fix a stack corruption in the
    s390x version of jent_get_nstime(). Add some more detailed
    information on the STCKE command.
  * github.com/smuellerDD/jitterentropy-library/commit/7bf9f85
  * Add jitterentropy-fix-a-stack-corruption-on-s390x.patch
ncurses
- Add patch ncurses-6.1-bsc1220061.patch (bsc#1220061, CVE-2023-45918)
  * Backport from ncurses-6.4-20230615.patch
    improve checks in convert_string() for corrupt terminfo entry
nghttp2
- security update
- added patches
  fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-1.patch
  fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-2.patch
openssl-1_1
- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free
  security vulnerability. Calling the function SSL_free_buffers()
  potentially caused memory to be accessed that was previously
  freed in some situations and a malicious attacker could attempt
  to engineer a stituation where this occurs to facilitate a
  denial-of-service attack. [CVE-2024-4741, bsc#1225551]

- Security fix: [bsc#1222548, CVE-2024-2511]
  * Fix unconstrained session cache growth in TLSv1.3
  * Add openssl-CVE-2024-2511.patch

- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch
protobuf
- update to 25.1:
  * Raise warnings for deprecated python syntax usages
  * Add support for extensions in CRuby, JRuby, and FFI Ruby
  * Add support for options in CRuby, JRuby and FFI (#14594)
- update to 25.0:
  * Implement proto2/proto3 with editions
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add utf8_validation feature back to the global feature set.
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Merge the protobuf and upb Bazel repos
  * Editions: Introduce functionality to protoc for generating
    edition feature set defaults.
  * Editions: Migrate edition strings to enum in C++ code.
  * Create a reflection helper for ExtensionIdentifier.
  * Editions: Provide an API for C++ generators to specify their
    features.
  * Editions: Refactor feature resolution to use an intermediate
    message.
  * Publish extension declarations with declaration
    verifications.
  * Editions: Stop propagating partially resolved feature sets to
    plugins.
  * Editions: Migrate string_field_validation to a C++ feature
  * Editions: Include defaults for any features in the generated
    pool.
  * Protoc: parser rejects explicit use of map_entry option
  * Protoc: validate that reserved range start is before end
  * Protoc: support identifiers as reserved names in addition to
    string literals (only in editions)
  * Drop support for Bazel 5.
  * Allow code generators to specify whether or not they support
    editions.
  [#] C++
  * Set `PROTOBUF_EXPORT` on
    `InternalOutOfLineDeleteMessageLite()`
  * Update stale checked-in files
  * Apply PROTOBUF_NOINLINE to declarations of some functions
    that want it.
  * Implement proto2/proto3 with editions
  * Make JSON UTF-8 boundary check inclusive of the largest
    possible UTF-8 character.
  * Reduce `Map::size_type` to 32-bits. Protobuf containers can't
    have more than that
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    oneof accessors.
  * Fix bug in reflection based Swap of map fields.
  * Add utf8_validation feature back to the global feature set.
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Add prefetching to arena allocations.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    repeated and map field accessors.
  * Editions: Migrate edition strings to enum in C++ code.
  * Create a reflection helper for ExtensionIdentifier.
  * Editions: Provide an API for C++ generators to specify their
    features.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    string field accessors.
  * Editions: Refactor feature resolution to use an intermediate
    message.
  * Fixes for 32-bit MSVC.
  * Publish extension declarations with declaration
    verifications.
  * Export the constants in protobuf's any.h to support DLL
    builds.
  * Implement AbslStringify for the Descriptor family of types.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    message field accessors.
  * Editions: Stop propagating partially resolved feature sets to
    plugins.
  * Editions: Migrate string_field_validation to a C++ feature
  * Editions: Include defaults for any features in the generated
    pool.
  * Introduce C++ feature for UTF8 validation.
  * Protoc: validate that reserved range start is before end
  * Remove option to disable the table-driven parser in protoc.
  * Lock down ctype=CORD in proto file.
  * Support split repeated fields.
  * In OSS mode omit some extern template specializations.
  * Allow code generators to specify whether or not they support
    editions.
  [#] Java
  * Implement proto2/proto3 with editions
  * Remove synthetic oneofs from Java gencode field accessor
    tables.
  * Timestamps.parse: Add error handling for invalid
    hours/minutes in the timezone offset.
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    oneof accessors.
  * Add missing debugging version info to Protobuf Java gencode
    when multiple files are generated.
  * Fix a bad cast in putBuilderIfAbsent when already present due
    to using the result of put() directly (which is null if it
    currently has no value)
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Fix a NPE in putBuilderIfAbsent due to using the result of
    put() directly (which is null if it currently has no value)
  * Update Kotlin compiler to escape package names
  * Add MapFieldBuilder and change codegen to generate it and the
    put{field}BuilderIfAbsent method.
  * Introduce recursion limit in Java text format parsing
  * Consider the protobuf.Any invalid if typeUrl.split("/")
    returns an empty array.
  * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
  * Fixed Python memory leak in map lookup.
  * Loosen upb for json name conflict check in proto2 between
    json name and field
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    oneof accessors.
  * Ensure Timestamp.ToDatetime(tz) has correct offset
  * Do not check required field for upb python MergeFrom
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Merge the protobuf and upb Bazel repos
  * Comparing a proto message with an object of unknown returns
    NotImplemented
  * Emit __slots__ in pyi output as a tuple rather than a list
    for --pyi_out.
  * Fix a bug that strips options from descriptor.proto in
    Python.
  * Raise warings for message.UnknownFields() usages and navigate
    to the new add
  * Add protobuf python keyword support in path for stub
    generator.
  * Add tuple support to set Struct
  * ### Python C-Extension (Default)
  * Comparing a proto message with an object of unknown returns
    NotImplemented
  * Check that ffi-compiler loads before using it to define
    tasks.
  [#] UPB (Python/PHP/Ruby C-Extension)
  * Include .inc files directly instead of through a filegroup
  * Loosen upb for json name conflict check in proto2 between
    json name and field
  * Add utf8_validation feature back to the global feature set.
  * Do not check required field for upb python MergeFrom
  * Merge the protobuf and upb Bazel repos
  * Added malloc_trim() calls to Python allocator so RSS will
    decrease when memory is freed
  * Upb: fix a Python memory leak in ByteSize()
  * Support ASAN detection on clang
  * Upb: bugfix for importing a proto3 enum from within a proto2
    file
  * Expose methods needed by Ruby FFI using UPB_API
  * Fix `PyUpb_Message_MergeInternal` segfault

- build against modern python on sle15

- Build with source and target levels 8
  * fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
  macro resolves the variables at the install time

- update to 23.4:
  * Add dllexport_decl for generated default instance.
  * Deps: Update Guava to 32.0.1

- update to 23.3:
  C++
  * Regenerate stale files
  * Use the same ABI for static and shared libraries on non-
    Windows platforms
  * Add a workaround for GCC constexpr bug
  Objective-C
  * Regenerate stale files
  UPB (Python/PHP/Ruby C-Extension)
  * Fixed a bug in `upb_Map_Delete()` that caused crashes in
    map.delete(k) for Ruby when string-keyed maps were in use.
  Compiler
  * Add missing header to Objective-c generator
  * Add a workaround for GCC constexpr bug
  Java
  * Rollback of: Simplify protobuf Java message builder by
    removing methods that calls the super class only.
  Csharp
  * [C#] Replace regex that validates descriptor names
- drop 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch (upstream)

- Add patch to fix linking ThreadSafeArena:
  * 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch
- Drop the protobuf-source package, no longer used

- update to 22.5:
  C++
  * Add missing cstdint header
  * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
  * Avoid using string(JOIN..., which requires cmake 3.12
  * Explicitly include GTest package in examples
  * Bump Abseil submodule to 20230125.3 (#12660)
- update to 22.4:
  C++
  * Fix libprotoc: export useful symbols from .so
  * Fix btree issue in map tests.
  Python
  * Fix bug in _internal_copy_files where the rule would fail in
    downstream repositories.
  Other
  * Bump utf8_range to version with working pkg-config (#12584)
  * Fix declared dependencies for pkg-config
  * Update abseil dependency and reorder dependencies to ensure
    we use the version specified in protobuf_deps.
  * Turn off clang::musttail on i386

- drop python2 handling
- fix version handling and package the private libs again

- Fix confusion in versions

- Mention the rpmlintrc file in the spec.

- Make possible to build on older systems, like SLE12 that miss
  some of the used macros.

- update to v22.3
  UPB (Python/PHP/Ruby C-Extension)
  * Remove src prefix from proto import
  * Fix .gitmodules to use the correct absl branch
  * Remove erroneous dependency on googletest
- update to 22.2:
  Java
  * Add version to intra proto dependencies and add kotlin stdlib
    dependency
  * Add $ back for osgi header
  * Remove $ in pom files
- update to 22.1:
  * Add visibility of plugin.proto to python directory
  * Strip "src" from file name of plugin.proto
  * Add OSGi headers to pom files.
  * Remove errorprone dependency from kotlin protos.
  * Version protoc according to the compiler version number.
- update to 22.0:
  * This version includes breaking changes to: Cpp.
    Please refer to the migration guide for information:
    https://protobuf.dev/support/migration/#compiler-22
  * [Cpp] Migrate to Abseil's logging library.
  * [Cpp] `proto2::Map::value_type` changes to `std::pair`.
  * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
    and DefaultFieldComparator classes.
  * [Cpp] Add a dependency on Abseil (#10416)
  * [Cpp] Remove all autotools usage (#10132)
  * [Cpp] Add C++20 reserved keywords
  * [Cpp] Dropped C++11 Support
  * [Cpp] Delete Arena::Init
  * [Cpp] Replace JSON parser with new implementation
  * [Cpp] Make RepeatedField::GetArena non-const in order to
    support split RepeatedFields.
  * long list of bindings specific fixes see
    https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
- python sub packages version is set 4.22.3 as defined in
  python/google/protobuf/__init__.py to stay compatible
- skip python2 builds by default
- drop patches:
  * 10355.patch,
  * gcc12-disable-__constinit-with-c++-11.patch (merged upstream)
- added patches:
  * add-missing-stdint-header.patch   added for compile fixes

- Enable LTO (boo#1133277).

- update to v21.12:
  * Python
  * Fix broken enum ranges (#11171)
  * Stop requiring extension fields to have a sythetic oneof (#11091)
  * Python runtime 4.21.10 not works generated code can not load valid
    proto.

- update to 21.11:
  * Python
  * Add license file to pypi wheels (#10936)
  * Fix round-trip bug (#10158)

- update to 21.10:
  * Java
  * Use bit-field int values in buildPartial to skip work on unset groups of
    fields. (#10960)
  * Mark nested builder as clean after clear is called (#10984)

- update to 21.9:
  * Ruby
  * Replace libc strdup usage with internal impl to restore musl compat (#10818)
  * Auto capitalize enums name in Ruby (#10454) (#10763)
  * Other
  * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
  * C++
  * 21.x No longer define no_threadlocal on OpenBSD (#10743)
  * Java
  * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
  * Refactoring java full runtime to reuse sub-message builders and prepare to
    migrate parsing logic from parse constructor to builder.
  * Move proto wireformat parsing functionality from the private "parsing
    constructor" to the Builder class.
  * Change the Lite runtime to prefer merging from the wireformat into mutable
    messages rather than building up a new immutable object before merging. This
    way results in fewer allocations and copy operations.
  * Make message-type extensions merge from wire-format instead of building up
    instances and merging afterwards. This has much better performance.
  * Fix TextFormat parser to build up recurring (but supposedly not repeated)
    sub-messages directly from text rather than building a new sub-message and
    merging the fully formed message into the existing field.

- update to 21.6:
  C++:
  * Reduce memory consumption of MessageSet parsing

- update to 21.5:
  PHP
  * Added getContainingOneof and getRealContainingOneof to descriptor.
  * fix PHP readonly legacy files for nested messages
  Python
  * Fixed comparison of maps in Python.

- add 10355.patch to fix soversioning

- update to 21.4:
  * Reduce the required alignment of ArenaString from 8 to 4

- update to 21.3:
  * C++
  * Add header search paths to Protobuf-C++.podspec (#10024)
  * Fixed Visual Studio constinit errors (#10232)
  * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
  * UPB
  * Allow empty package names (fixes behavior regression in 4.21.0)
  * Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
  * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
  * for x in mapping now yields keys rather than values, to match Python
    conventions and the behavior of the old library.
  * Lookup operations now correctly reject unhashable types as map keys.
  * We implement repr() to use the same format as dict.
  * Fix maps to use the ScalarMapContainer class when appropriate
  * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
  * PHP
  * Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
  * Python
  * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
  * Bazel
  * Add back a filegroup for :well_known_protos (#10061)

- Update to 21.2:
- C++
  - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
  - Escape GetObject macro inside protoc-generated code (#9739)
  - Update CMake configuration to add a dependency on Abseil (#9793)
  - Fix cmake install targets (#9822)
  - Use __constinit only in GCC 12.2 and up (#9936)
- Java
  - Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python
  - Increment python major version to 4 in version.json for python upb (#9926)
  - The C extension module for Python has been rewritten to use the upb library.
  - This is expected to deliver significant performance benefits, especially when
    parsing large payloads. There are some minor breaking changes, but these
    should not impact most users. For more information see:
    https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP
  - [PHP] fix PHP build system (#9571)
  - Fix building packaged PHP extension (#9727)
  - fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
  - fix: phpdoc syntax for repeatedfield parameters (#9784)
  - fix: phpdoc for repeatedfield (#9783)
  - Change enum string name for reserved words (#9780)
  - chore: [PHP] fix phpdoc for MapField keys (#9536)
  - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby
  - Allow pre-compiled binaries for ruby 3.1.0 (#9566)
  - Implement respond_to? in RubyMessage (#9677)
  - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
  - Do not use range based UTF-8 validation in truffleruby (#9769)
  - Improve range handling logic of RepeatedField (#9799)
- Other
  - Fix invalid dependency manifest when using descriptor_set_out (#9647)
  - Remove duplicate java generated code (#9909)

- Do not use %%autosetup, but %%setup and %%patch on other line
  * Allows building on SLE-12-SP5

- Add temporary patch gcc12-disable-__constinit-with-c++-11.patch
  that addresses gh#protocolbuffers/protobuf#9916.
python3
- Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109,
  gh#python/cpython!16557) fixes syslog making default "ident"
  from sys.argv[0].

- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.
- Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into
  skip_SSL_tests.patch, and make them include all conditionals.

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
libsolv
- add a conflict to older libsolv-tools to libsolv-tools-base

- improve updating of installed multiversion packages
- fix decision introspection going into an endless loop in some
  cases
- added experimental lua bindings
- bump version to 0.7.29

- split libsolv-tools into libsolv-tools-base [jsc#PED-8153]

- build for multiple python versions [jsc#PED-6218]
- bump version to 0.7.28
libssh
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
  * Added libssh-fix-ipv6-hostname-regression.patch
libxml2
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
  * Added libxml2-CVE-2024-25062.patch
libzypp
- zypp-tui: Make sure translated texts use the correct textdomain
  (fixes #551)
- Skip libproxy1 requires for tumbleweed.
- version 17.34.1 (34)

- don't require libproxy1 on tumbleweed, it is optional now

- version 17.34.0 (34)
- Fix versioning scheme

- version 17.33.4 (35)

- add one more missing export for libyui-qt-pkg

- Revert eintrSafeCall behavior to setting errno to 0.
- version 17.33.3 (34)

- fix up requires_eq usage for libsolv-tools-base
- add one more missing export for PackageKit
- version 17.33.2

- version 17.33.1 (33)

- switch to reduced size libsolv-tools-base (jsc#PED-8153)

- Fixed check for outdated repo metadata as non-root user
  (bsc#1222086)
- Add ZYPP_API for exported functions and switch to
  visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- version 17.33.0 (33)

- Fix download from gpgkey URL (bsc#1223430, fixes openSUSE/zypper#546)
- version 17.32.6 (32)

- Don't try to refresh volatile media as long as raw metadata are
  present (bsc#1223094)
- version 17.32.5 (32)

- Fix creation of sibling cache dirs with too restrictive mode
  (bsc#1222398)
  Some install workflows in YAST may lead to too restrictive (0700)
  raw cache directories in case of newly created repos. Later
  commands running with user privileges may not be able to access
  these repos.
- version 17.32.4 (32)

- Update RepoStatus fromCookieFile according to the files mtime
  (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed.
- version 17.32.3 (32)

- Fixup New VendorSupportOption flag VendorSupportSuperseded
  (jsc#OBS-301, jsc#PED-8014)
  Fixed the name of the keyword to "support_superseded" as it was
  agreed on in jsc#OBS-301.
- version 17.32.2 (32)

- Add resolver option 'removeUnneeded' to file weak remove jobs
  for unneeded packages (bsc#1175678)
- version 17.32.1 (32)

- Add resolver option 'removeOrphaned' for distupgrade
  (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded
  (jsc#OBS-301, jsc#PED-8014)
- Tests: fix vsftpd.conf where SUSE and Fedora use different
  defaults (fixes #522)
- Add default stripe minimum (#529)
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config.
- version 17.32.0 (32)

- ProblemSolution::skipsPatchesOnly overload to handout the
  patches.
- Remove https->http redirection exceptions for
  download.opensuse.org.
- version 17.31.32 (22)

- tui: allow to access the underlying ostream of out::Info.
- Add MLSep: Helper to produce not-NL-terminated multi line
  output.
- version 17.31.31 (22)

- applydeltaprm: Create target directory if it does not exist
  (bsc#1219442)
- Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514)
- Fix problems with EINTR in ExternalDataSource::getline (fixes
  bsc#1215698)
- version 17.31.30 (22)

- CheckAccessDeleted: fix running_in_container detection
  (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime
  (bsc#1218831)
- Make Wakeup class EINTR safe.
- Add a way to cancel media operations on shutdown
  (openSUSE/zypper#522)
  This patch adds a mechanism to signal libzypp that a shutdown was
  requested, usually when CTRL+C was pressed by the user. Currently
  only the media backend will utilize this, but can be extended to
  all code paths that use g_poll() to wait for events.
- Manually poll fds for curl in MediaCurl.
  Using curl_easy_perform does not give us the required control on
  when we want to cancel a download. Switching to the MultiCurl
  implementation with a external poll() event loop will give us
  much more freedom and helps us to improve our Ctrl+C handling.
- Move reusable curl poll code to curlhelper.h.
- version 17.31.29 (22)

- Fix to build with libxml 2.12.x (fixes #505)
- version 17.31.28 (22)
shadow
- bsc#1176006: Fix chage date miscalculation
  Add shadow-bsc1176006-chage-date.patch
- bsc#1188307: Fix passwd segfault
  Add shadow-bsc1188307-passwd-segfault.patch
- bsc#1203823: Remove pam_keyinit from PAM config files
  Remove pam_keyinit from PAM configuration.
  This was introduced for bsc#1144060.
netcfg
- Add krb-prop entry, fix for bsc#1211886.
openssh
- Add patches from upstream to change the default value of
  UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled).
  This makes ssh update the known_hosts stored keys with all
  published versions by the server (after it's authenticated
  with an existing key), which will allow to identify the
  server with a different key if the existing key is considered
  insecure at some point in the future (bsc#1222831).
  * 0001-upstream-enable-UpdateHostkeys-by-default-when-the.patch
  * 0002-upstream-disable-UpdateHostkeys-by-default-if.patch

- Add patches openssh-7.7p1-seccomp_getuid.patch and
  openssh-bsc1216474-s390-leave-fds-open.patch
  (bsc#1216474, bsc#1218871)

- Fix hostbased ssh login failing occasionally with "signature
  unverified: incorrect signature" by fixing a typo in patch
  (bsc#1221123):
  * openssh-7.8p1-role-mls.patch

- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
  This limits the use of shell metacharacters in host- and
  user names.
pam-config
- Fix pam_gnome_keyring module for AUTH.
  [pam-config-fix-pam_gnome_keyring.patch, bsc#1219767]
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#166
- log grub2-install errors correctly (bsc#1221470)
- 0.947

- merge gh#openSUSE/perl-bootloader#161
- support old grub versions (<= 2.02) that used /usr/lib
  (bsc#1218842)
- create EFI boot fallback directory if necessary
- 0.946
perl
- fix space calculation issues in pp_pack.c [bnc#1082216]
  [CVE-2018-6913]
  * new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
  [CVE-2018-6798]
  new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
  new patch: perl-net-ftp-tls13.diff
python-instance-billing-flavor-check
- Version 0.0.6 (bsc#1218561)
  Support proxy setup on the client to access the update infrastructure
  API

- Version 0.0.5
  Add IPv6 support (bsc#1218739)
python-Jinja2
- Add CVE-2024-34064.patch upstream patch
  (CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
  Also fixes (CVE-2024-22195, bsc#1218722)
python3-M2Crypto
- Disable broken tests with openssl 3.2, bsc#1217782

- add timeout_300hz.patch to accept a small deviation from time
  in the testsuite (bsc#1212757)

- Adapt tests for OpenSSL v3.1.0
  * Add openssl-adapt-tests-for-3.1.0.patch

- add openssl-stop-parsing-header.patch (bsc#1205042)
- add m2crypto-0.38-ossl3-tests.patch
python3-azuremetadata
- Version 5.1.6
  Fix empty list attributes (bsc#1218760)
python-idna
- Add CVE-2024-3651.patch, backported from upstream commit
  gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
  (bsc#1222842, CVE-2024-3651)
python-requests
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
  as a directory, bsc#1225912

- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.
salt
- Make "man" a recommended package instead of required

- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions
  on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml"
  files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite
  and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called
  via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET
  environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
  * fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
  * decode-oscap-byte-stream-to-string-bsc-1219001.patch
  * fix-salt-warnings-and-testuite-for-python-3.11-635.patch
  * make-importing-seco.range-thread-safe-bsc-1211649.patch
  * improve-pip-target-override-condition-with-venv_pip_.patch
  * allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
  * fix-problematic-tests-and-allow-smooth-tests-executi.patch
  * discover-both-.yml-and-.yaml-playbooks-bsc-1211888.patch
  * fix-tests-failures-and-errors-when-detected-on-vm-ex.patch
  * switch-oscap-encoding-to-utf-8-639.patch

- Prevent directory traversal when creating syndic cache directory
  on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
  method (CVE-2024-22232, bsc#1219431)
- Added:
  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch

- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
- Added:
  * fix-the-aptpkg.py-unit-test-failure.patch
  * enable-keepalive-probes-for-salt-ssh-executions-bsc-.patch
  * prefer-unittest.mock-for-python-versions-that-are-su.patch
  * update-__pillar__-during-pillar_refresh.patch
  * revert-make-sure-configured-user-is-properly-set-by-.patch
  * fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
  * dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch
rpm-ndb
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
runc
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
  properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
  + 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  + 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  + 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch

- Update to runc v1.1.12. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
  * This release fixes a container breakout vulnerability (CVE-2024-21626). For
    more details, see the upstream security advisory:
    <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
  * Remove upstreamed patches:
  - CVE-2024-21626.patch
  * Update runc.keyring to match upstream changes.

[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
  <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
  + CVE-2024-21626.patch

- Update to runc v1.1.11. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.11>.
sed
- 0001-sed-set-correct-umask-on-temporary-files.patch
  Fix for bsc#1221218
selinux-policy
- Update to version 20210716+git68.8c5209d3:
  * allow haveged to manage tmpfs directories (bsc#1213594)
  * fix entropy daemon (bsc#1211045)
sudo
- Fix NOPASSWD issue introduced by patches for CVE-2023-42465
  [bsc#1221151, bsc#1221134]
  * Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
  * Enable running regression selftests during build time.

- Security fix: [bsc#1219026, bsc#1220389, CVE-2023-42465]
  * Try to make sudo less vulnerable to ROWHAMMER attacks.
  * Add sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
supportutils-plugin-suse-public-cloud
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
  + Remove duplicate data collection for the plugin itself
  + Collect archive metering data when available
  + Query billing flavor status
supportutils
- Changes in version 3.1.30
  + Added -V key:value pair option (bsc#1222021, PED-8211)
  + Avoid getting duplicate kernel verifications in boot.text (pr#193)
  + Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
  + Includes container log timestamps (pr#197)

- Changes to version 3.1.29
  + Extended scaling for performance (bsc#1214713)
  + Fixed kdumptool output error (bsc#1218632)
  + Corrected podman ID errors (bsc#1218812)
  + Duplicate non root podman entries removed (bsc#1218814)
  + Corrected get_sles_ver for SLE Micro (bsc#1219241)
  + Check nvidida-persistenced state (bsc#1219639)

- Additional changes in version 3.1.28
  + ipset - List entries for all sets
  + ipvsadm - Inspect the virtual server table (pr#185)
  + Correctly detects Xen Dom0 (bsc#1218201)
  + Fixed smart disk error (bsc#1218282)

- Changes in version 3.1.28
  + Inhibit the conversion of port numbers to port names for network files (cherry picked from commit 55f5f716638fb15e3eb1315443949ed98723d250)
  + powerpc: collect rtas_errd.log and lp_diag.log files (pr#175)
  + Get list of pam.d file (cherry picked from commit eaf35c77fd4bc039fd7e3d779ec1c2c6521283e2)
  + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
  + Added missing klp information to kernel-livepatch.txt (bsc#1216390)
  + Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
  + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
  + Optimize lsof usage (bsc#1183663)
  + Added mokutil commands for secureboot (pr#179)
  + Collects chrony or ntp as needed (bsc#1196293)

- Changes in version 3.1.27
  + Fixed podman display issue (bsc#1217287)
  + Added nvme-stas configuration to nvme.txt (bsc#1216049)
  + Added timed command to fs-files.txt (bsc#1216827)
  + Collects zypp history file issue#166 (bsc#1216522)
  + Changed -x OPTION to really be exclude only (issue#146)
  + Collect HA related rpm package versions in ha.txt (pr#169)
suse-build-key
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)

- run rpm commands in import script only when libzypp is not
  active. bsc#1219189 bsc#1219123

- run import script also in %posttrans section, but only when
  libzypp is not active. bsc#1219189 bsc#1219123
suseconnect-ng
- Update to version 1.9.0
  * Fix certificate import for Yast when using a registration proxy with
    self-signed SSL certificate (bsc#1223107)

- Update to version 1.8.0
  * Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)

- Update to version 1.7.0
  * Allow SUSEConnect on read write transactional systems (bsc#1219425)
systemd-default-settings
- Import 0.10
  5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123)

- Import 0.9
  bb859bf user@.service: Disable controllers by default (jsc#PED-2276)

- The usage of drop-ins is now the official way for configuring systemd and its
  various daemons on Factory/ALP. Hence the early drop-ins SUSE specific
  "feature" has been abandoned.

- Import 0.8
  f34372f User priority '26' for SLE-Micro
  c8b6f0a Revert "Convert more drop-ins into early ones"

- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2
  6b8dde1 Convert more drop-ins into early ones
systemd-rpm-macros
- Bump version to 15

- Order packages that requires systemd after systemd-sysvcompat when this part
  of the transaction (bsc#1217964)
  systemd-sysvcompat has been introduced recently and contains the compatibility
  scripts used to support SysV init scripts. Make sure that the packages ordered
  after systemd are also ordered after systemd-sysvcompat so theirs rpm
  scriptlets can still rely on the compat scripts.
  On distributions where systemd-sysvcompat doesn't exist, the new ordering
  constraint should be a nop.
timezone
- update to 2024a:
  * Kazakhstan unifies on UTC+5.  This affects Asia/Almaty and
    Asia/Qostanay which together represent the eastern portion of the
    country that will transition from UTC+6 on 2024-03-01 at 00:00 to
    join the western portion.  (Thanks to Zhanbolat Raimbekov.)
  * Palestine springs forward a week later than previously predicted
    in 2024 and 2025.  (Thanks to Heba Hamad.)  Change spring-forward
    predictions to the second Saturday after Ramadan, not the first;
    this also affects other predictions starting in 2039.
  * Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00
    not 00:00.  (Thanks to Đoàn Trần Công Danh.)
  * From 1947 through 1949, Toronto's transitions occurred at 02:00
    not 00:00.  (Thanks to Chris Walton.)
  * In 1911 Miquelon adopted standard time on June 15, not May 15.
  * The FROM and TO columns of Rule lines can no longer be "minimum"
    or an abbreviation of "minimum", because TZif files do not support
    DST rules that extend into the indefinite past - although these
    rules were supported when TZif files had only 32-bit data, this
    stopped working when 64-bit TZif files were introduced in 1995.
    This should not be a problem for realistic data, since DST was
    first used in the 20th century.  As a transition aid, FROM columns
    like "minimum" are now diagnosed and then treated as if they were
    the year 1900; this should suffice for TZif files on old systems
    with only 32-bit time_t, and it is more compatible with bugs in
    2023c-and-earlier localtime.c.  (Problem reported by Yoshito
    Umaoka.)
  * localtime and related functions no longer mishandle some
    timestamps that occur about 400 years after a switch to a time
    zone with a DST schedule.  In 2023d data this problem was visible
    for some timestamps in November 2422, November 2822, etc. in
    America/Ciudad_Juarez.  (Problem reported by Gilmore Davidson.)
  * strftime %s now uses tm_gmtoff if available.  (Problem and draft
    patch reported by Dag-Erling Smørgrav.)
  * The strftime man page documents which struct tm members affect
    which conversion specs, and that tzset is called.  (Problems
    reported by Robert Elz and Steve Summit.)

- update to 2023d:
  * Ittoqqortoormiit, Greenland changes time zones on
    2024-03-31.
  * Vostok, Antarctica changed time zones on 2023-12-18.
  * Casey, Antarctica changed time zones five times since
    2020.
  * Code and data fixes for Palestine timestamps starting in
    2072.
  * A new data file zonenow.tab for timestamps starting now.
  * Fix predictions for DST transitions in Palestine in
    2072-2075, correcting a typo introduced in 2023a.
  * Vostok, Antarctica changed to +05 on 2023-12-18.  It had
    been at +07 (not +06) for years.
  * Change data for Casey, Antarctica to agree with
    timeanddate.com, by adding five time zone changes since 2020.
    Casey is now at +08 instead of +11.
  * Much of Greenland, represented by America/Nuuk, changed
    its standard time from -03 to -02 on 2023-03-25, not on
    2023-10-28.
  * localtime.c no longer mishandles TZif files that contain
    a single transition into a DST regime.  Previously,
    it incorrectly assumed DST was in effect before the transition
    too.
  * tzselect no longer creates temporary files.
  * tzselect no longer mishandles the following:
  * Spaces and most other special characters in BUGEMAIL,
    PACKAGE, TZDIR, and VERSION.
  * TZ strings when using mawk 1.4.3, which mishandles
    regular expressions of the form /X{2,}/.
  * ISO 6709 coordinates when using an awk that lacks the
    GNU extension of newlines in -v option-arguments.
  * Non UTF-8 locales when using an iconv command that
    lacks the GNU //TRANSLIT extension.
  * zic no longer mishandles data for Palestine after the
    year 2075.
- Refresh tzdata-china.diff
util-linux-systemd
- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch
  util-linux-fputs_careful2.patch).

- Add upstream patch
  more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
  bsc#1220117 - L3-Question: Processes not cleaned up after failed SSH session are using up 100% CPU

- Add upstream patch
  util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
  bsc#1207987 gh#util-linux/util-linux@1d98827edde4
vim
- Updated to version 9.1 with patch level 0330, fixes the following problems
  * Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1
- refreshed vim-7.3-filetype_spec.patch
- refreshed vim-7.3-filetype_ftl.patch
- Update spec.skeleton to use autosetup in place of setup macro.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330

- Updated to version 9.1 with patch level 0111, fixes the following security problems
  * Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close()
  * Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol()
  * Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command
  * Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count
  * Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing
  * Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number
  * Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line
  * Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute
  * Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c
  * Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
wpa_supplicant
- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975)
zypper
- Fixed check for outdated repo metadata as non-root user
  (bsc#1222086)
- BuildRequires:  libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73

- Unify message format(fixes #485)
- version 1.14.72

- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
  remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
  * PIC is not needed as no shared lib is built
  * fstack-protector-strong is default on modern dists and would
    be downgraded by fstack-protector
  * default visibility hidden allows better optimisation
  * O2 is reducing inlining bloat
  - > 18% reduced binary size

- remove procps requires (was only for ZMD which is dropped)
  (jsc#PED-8153)

- Do not try to refresh repo metadata as non-root user
  (bsc#1222086)
  Instead show refresh stats and hint how to update them.
- man: Explain how to protect orphaned packages by collecting
  them in a plaindir repo.
- packages: Add --autoinstalled and --userinstalled options to
  list them.
- Don't print 'reboot required' message if download-only or
  dry-run (fixes #529)
  Instead point out that a reboot would be required if the option
  was not used.
- Resepect zypper.conf option `showAlias` search commands
  (bsc#1221963)
  Repository::asUserString (or Repository::label) respects the
  zypper.conf option, while name/alias return the property.
- version 1.14.71

- dup: New option --remove-orphaned to remove all orphaned
  packages in dup (bsc#1221525)
- version 1.14.70

- info,summary: Support VendorSupportOption flag
  VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- BuildRequires:  libzypp-devel >= 17.32.0.
  API cleanup and changes for VendorSupportSuperseded.
- Show active dry-run/download-only at the commit propmpt.
- patch: Add --skip-not-applicable-patches option (closes #514)
- Fix printing detailed solver problem description.
  The problem description() is one rule out possibly many in
  completeProblemInfo() the solver has chosen to represent the
  problem. So either description or completeProblemInfo should be
  printed, but not both.
- Fix bash-completion to work with right adjusted numbers in the
  1st column too (closes #505)
- Set libzypp shutdown request signal on Ctrl+C (fixes #522)
- lr REPO: In the detailed view show all baseurls not just the
  first one (bsc#1218171)
- version 1.14.69